News

Open Source Code Tracking Offered to ISVs

• By Kurt Mackie
• June 4, 2007

One company, Palamida, is specifically focused on tracking intellectual property in open source code. The company provides its software suite to independent software vendors (ISVs) and corporate software users to assure the security and compliance of various open source solutions, as well as to track known vulnerabilities.

To help software vendors settle intellectual property and compliance issues up front, Palamida is offering its solutions to ISV members of the Open Solutions Alliance (OSA). The OSA is a vendor-neutral coalition that fosters interoperability among open solutions.

Palamida became an early member of the OSA from its inception because of the OSA's mission -- to accelerate the adoption of open source into the enterprise, said Theresa Bui Friday, vice president and cofounder of Palamida.

She added that it's fair to say that enterprise customers are using more open source software than they realize. Palamida's mission is to take away security and vulnerability hurdles considered by companies using open source software.

"Enterprises need to stop thinking about open source as different from proprietary solutions," she emphasized.

For instance, about 70 percent of open source software is licensed under the Free Software Foundation's General Public License (GPL), Bui Friday said. ISVs could move the licensing to using GPL version 3, and that might be something that companies would want to track. Palamida's solution lets companies set the policies for such changes, using white lists for acceptable usage and black lists for products and aspects they don't want.

"Our customers will have made up their minds about whether GPLv3 is right for them," she said. Our job at Palamida is to track the change."

For ISVs, Palamida's products help track changes that occur when solutions are combined after mergers and acquisitions. The company's IP Amplifier solution taps into a compliance library that includes more than 140,000 open source solution projects. The library includes code snippets, Java namespaces, IDs for binary files and various programming language signatures.

In addition, Palamida's Vulnerability Reporting Solution flags known security issues in open source software. It uses information from the National Vulnerability Database, which is sponsored by the U.S. Department of Homeland Security and run by the National Institute of Standards and Technology.

Palamida was formed about four years ago. Its founders -- including Theresa Bui Friday, Jeff Luscz and Ray Waldin -- had worked together at an earlier software development company and had experienced just how difficult it was to manually track open source code. A deal with IBM had faltered because of it, and that experience led to the formation of Palamida, Bui Friday said.

Palamida's solutions can change such difficulties for ISVs, Bui Friday emphasized.

"No one has ever used a Palamida solution that has not found five times more open source code than they anticipated," she said.