SAN FRANCISCO, Feb. 13 /PRNewswire/ -- Palamida(TM), the leader in application security for open source vulnerability detection, announced today that it has joined the McAfee(R) Security Innovation Alliance(TM) as an inaugural member. Through the program, Palamida will integrate their vulnerability reporting capabilities with McAfee's ePolicy Orchestrator(R) (ePO(TM)), enabling customers to extend the scope of their application security strategy to include open source components while mitigating risk.
According to IDC, 86% of open source software projects are in some form of production deployment and usage while 70% are of critical or high importance to the organization.
"Open source is no more or no less risky than proprietary code," said Mark Tolliver, CEO of Palamida. "But its use often goes undocumented and as such falls outside of existing application security policies. Palamida's integration with ePO will enable joint customers to manage and secure their use of open source as part of a comprehensive security strategy."
McAfee ePO, an industry-leading security and compliance risk management solution, already manages a broad portfolio of security and compliance management solutions from McAfee. Now Palamida customers will be able to leverage this established management platform to centrally manage their undocumented, potentially vulnerable, open source code.
"Palamida is an important addition to the McAfee Security Innovation Alliance," said Joe Gottlieb, vice president of corporate strategy and technology alliances, McAfee. "The use of open source has become a significant force in today's software development process. Palamida's solution identifies undocumented open source code and associated vulnerabilities; our partnership will extend the reach of ePO and its security risk management functions into this critical and rapidly growing piece of the software infrastructure."
Vulnerability Reporting Solution
The Vulnerability Reporting Solution (VRS) identifies, prioritizes and reports known vulnerabilities within open source code used in customers' projects.
The vulnerability library, the cornerstone of the VRS, is a database that contains signatures enabling unique detection of over 2.9 million open source files with reported vulnerabilities. The library contains 878 reported vulnerabilities associated with the most common open source projects Palamida finds embedded inside enterprise applications. The VRS is detection and reporting software that discovers and identifies all unknown open source code inside internally developed enterprise applications, providing an immediate report on their existing vulnerabilities.
It allows users to further develop their security policies for open source use such as:
* Identification of all open source in the code base;
* Pinpointing its exact location within the code base;
* Measuring third-party code dependence;
* And tracking associated vulnerabilities.
The end result is a complete blueprint of all open source used across the enterprise code base.
Palamida enables organizations to manage the growing complexity of multi-source development environments by helping to ensure the integrity and security of open source code. Through detailed analysis of the code base, customers gain insight into their code inventory — what they have, whether they can use it, and whether it is secure — critical components of quality control, risk mitigation, and vulnerability assessment. Customers include Avaya, Cisco Systems, EMC, Microsoft and Sun Microsystems, among others. For more information visit: http://www.palamida.com.