
DATA SHEET

Palamida Enterprise Edition


The First Application Security Solution for Open Source

Palamida Enterprise Edition is an end-to-end solution that identifies, assesses, and
manages open source vulnerabilities, compliance issues, and license concerns within
custom-built software applications. By creating visibility into software content, Palamida
Enterprise Edition helps engineering, security, and legal teams manage and secure their
use of open source software:

• Document Your Open Source Usage: Ensure rapid and accurate analysis of
custom-built applications, provide an inventory of open source components and their
location within your code base, and report on associated vulnerabilities, license and
copyright information.

• Assess Your Exposure to Risk: Provide a reliable framework for security and
IP stakeholders to receive alerts of issues as they arise, assess violations against
established policies, and document the decisions around remediation.

• Manage Compliance and Collaboration: Assist in establishing procedures,
implementing policy and enabling collaboration for approval and/or registry of open
source use prior to inclusion within applications.

Palamida Enterprise Edition At A Glance
Targeted towards organizations concerned with managing both vulnerabilities and IP
issues that can arise from using undocumented open source.
• Facilitates sharing of relevant data across teams: engineering, security, legal and
management
• Includes comprehensive detection techniques to protect against security
vulnerabilities and IP violations that would otherwise be missed (false negatives)
• Sends vulnerability and IP alerts to appropriate stakeholders for remediation
• Provides a centralized dashboard for a 360° view of risks that could impact mission
critical applications
• Establishes a registry of authorized open source components, licenses and secure
versions for standardized use across the organization

Document Your Open Source Usage
Vulnerability and IP Detection Engines
Software developers have almost one million popular open source project versions (and counting) to choose
from when building custom applications, an enormous benefit in terms of cost and time savings. However, most
open source use remains undocumented – without formal record of its existence within your mission critical
applications and products. Identifying which components, versions and even partial components have actually
been adopted, after the fact, is time consuming and difficult. Without this level of documentation, it is difficult
for development, security, and legal teams to fully assess the risk level of mission critical applications.

Palamida’s specialized vulnerability and IP detection engines leverage patent-pending technology to detect
the components, versions and even partial component code that have been used. Detection capability spans
binary files, source code, Java namespaces, copyright, license and user-specified search terms across multiple
languages including Java, JavaScript, C#, C/C++, Perl, Python, PHP and Visual Basic. The ability to analyze
binary files and archives means that the detection engines can find open source use even when source code is
not available – something not possible with manual analysis or simple in-house tools.
The vulnerability engine leverages data derived from multiple sources, including the National Vulnerability
Database (NVD), sponsored by the Department of Homeland Security, to identify and report on vulnerable versions
of components found in your code base. Users receive an open source inventory, descriptions of projects, and
the relevant CVE (Common Vulnerabilities and Exposures) identifiers with their severity ratings. In addition, the
software pinpoints the exact location of the open source inside the code base for remediation.
[Figure: Concise reporting on known vulnerabilities for all detected open source]

The vulnerability and IP detection engines leverage the industry’s largest index of open source components.
The index is continuously growing and currently includes:
• 884,000 versions of open source projects and associated licenses
• 8 billion source code fingerprints
• 500 million binary files
• 13 million Java namespace names
• Over 4,500 popular open source project versions and associated vulnerability alerts

Vulnerability and IP Analyzers
The nature of code reuse in the open source development model makes accurate identification and the review of
false positive matches tedious.

Palamida’s technology includes identification algorithms that provide automated analysis ranging from source
code snippet matches to component and version level usage. Java™ Auto-inventory, based on a patent-pending
Java analysis algorithm and a specialized database of millions of Java namespace names, provides accurate,
automated identification of Java projects – virtually eliminating the need for manual analysis of source code.
Additional detectors are specifically tuned for the highest levels of automated identification across all languages.
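The detection engines above find open source use in binaries and archives by recognizing Java namespace names, and the analyzers map those names to projects. The following Python script is an added illustration of that technique; it is not Palamida's engine, database or code. It scans a jar without any source, pulls Java package paths out of the raw bytes of each entry, matches them by longest prefix against a small namespace index, and reads the jar's own version from the manifest. The index (three namespaces with their project names), the sample jar and its fake class bodies are constructed for the example.

```python
import io
import re
import zipfile

# Constructed index: Java package prefix -> open source project. A real engine
# carries millions of namespace names; three entries are enough to show the idea.
NAMESPACE_INDEX = {
    "org/apache/commons/collections": "Apache Commons Collections",
    "org/apache/log4j": "Apache log4j 1.x",
    "com/google/common": "Google Guava",
}

# Internal class names in a class file's constant pool look like
# org/apache/commons/collections/map/LazyMap: two or more lowercase package
# segments separated by '/', then an identifier. Scanning raw bytes for this
# shape needs no decompiler and works on obfuscated jars as long as the
# referenced library names are intact.
NAMESPACE_RE = re.compile(rb"(?:[a-z][a-z0-9_]*/){2,}[A-Za-z_$][A-Za-z0-9_$]*")
VERSION_RE = re.compile(rb"Implementation-Version:\s*([0-9][0-9A-Za-z.\-]*)")


def namespaces_in(blob: bytes) -> set:
    """Package paths (class name stripped) referenced anywhere in a byte blob."""
    return {m.group(0).decode("ascii").rsplit("/", 1)[0] for m in NAMESPACE_RE.finditer(blob)}


def lookup(pkg: str):
    """Longest-prefix match of a package path against the index, or None."""
    parts = pkg.split("/")
    for i in range(len(parts), 1, -1):
        prefix = "/".join(parts[:i])
        if prefix in NAMESPACE_INDEX:
            return prefix, NAMESPACE_INDEX[prefix]
    return None


def scan_jar(jar_bytes: bytes) -> dict:
    """Inventory the open source projects a jar bundles or references.

    Evidence is taken both from entry paths (bundled classes) and from strings
    inside each entry (references made by the application's own classes), so a
    dependency is reported even when only the caller, not the library, is present.
    """
    components = {}
    jar_version = None
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info.filename)
            if info.filename.upper() == "META-INF/MANIFEST.MF":
                m = VERSION_RE.search(data)
                if m:
                    jar_version = m.group(1).decode("ascii")
                continue
            candidates = namespaces_in(data)
            if info.filename.endswith(".class") and "/" in info.filename:
                candidates.add(info.filename.rsplit("/", 1)[0])
            for pkg in candidates:
                hit = lookup(pkg)
                if hit is None:
                    continue  # not a known open source namespace (e.g. java/lang)
                prefix, project = hit
                entry = components.setdefault(project, {"namespaces": set(), "entries": set()})
                entry["namespaces"].add(prefix)
                entry["entries"].add(info.filename)
    # The manifest version describes the jar itself; a shaded jar bundles other
    # projects whose versions must be resolved separately (e.g. by fingerprinting).
    return {"jar_version": jar_version, "components": components}


def build_sample_jar() -> bytes:
    """Constructed sample: an application jar that shades two open source projects.
    Class bodies are mimicked by the constant-pool strings a real class file carries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    b"Manifest-Version: 1.0\r\nImplementation-Version: 2.0.0\r\n")
        zf.writestr("com/example/app/Main.class",
                    b"\xca\xfe\xba\xbe\x00org/apache/commons/collections/map/LazyMap\x00java/lang/Object")
        zf.writestr("org/apache/commons/collections/map/LazyMap.class",
                    b"\xca\xfe\xba\xbe\x00org/apache/commons/collections/Transformer\x00java/util/Map")
        zf.writestr("org/apache/log4j/Logger.class",
                    b"\xca\xfe\xba\xbe\x00org/apache/log4j/spi/LoggerFactory")
    return buf.getvalue()


if __name__ == "__main__":
    result = scan_jar(build_sample_jar())
    print("jar version:", result["jar_version"])
    for project, evidence in sorted(result["components"].items()):
        print(project, "->", sorted(evidence["entries"]))
```

Two details matter in practice. The application's own Main.class is reported as evidence for Commons Collections because it references that namespace, which is exactly the partial or undocumented use the text describes: the dependency exists whether or not the library's classes ship in this jar. And the manifest's Implementation-Version names only the jar; the versions of shaded projects inside it cannot be read from a namespace alone and need the fingerprint-based matching the analyzer section describes.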
Assess Your Exposure to Risk
Dashboard
Providing relevant information appropriate to individual stakeholders across a cross-functional team is
challenging. Palamida Enterprise Edition turns data into actionable and measurable information with an
alert-based reporting system that provides pertinent information based on each person’s functional role.

The dashboard provides a centralized view of the documentation, assessment and monitoring of open source
use. It provides vulnerability and IP alerts, and allows users to drill down on details and assign issues for
remediation. For executive managers, the dashboard provides the ability to track security and IP violations across
the enterprise.

For security teams, Palamida reports on known vulnerabilities for detected open source components. With one
click, you will know exactly where vulnerabilities may impact deployed applications. This level of detail allows you
to focus on remediation with precision and speed.

At the same time, legal stakeholders see a summary of the inventory of open source components, compliance
status, and license and copyright information, to address intellectual property problems before they arise.

Since one size does not fit all, you can customize reports to tailor information for specific roles in your
organization. Reports can be easily and securely distributed to select people when you need to share data.

Palamida Enterprise Edition is capable of scanning source files of all kinds: .c, .h, .cpp, .hpp, .cxx, .java, .js,
.pl, .pm, .php, .py, and .vb. If source code is not available, the software can detect licenses, Java namespaces,
binary files, copyright text, and even text files as part of its identification of open source usage.

CodeRank™ is a patented system for classifying open source code snippet matches. By evaluating snippets on
multiple levels – uniqueness, coverage, and clustering – CodeRank lists the most relevant matches first.

[Figure: At-a-glance view of enterprise vulnerability and IP exposure]

Manage Compliance and Collaboration
Policy Manager
Preventing undocumented code from entering a code base is more cost-effective than remediating associated
problems after application deployment. Palamida Enterprise Edition allows managers to establish both security
and IP policies based on the business requirements of their organizations. Final inventory of open source
software and associated vulnerability and IP intelligence can be included as part of release readiness criteria
before application deployment.

Key Benefits:
• Make open source use decisions a visible, documented part of the development process
• Provide an audit trail regarding open source use
• Enable “conditions of use” as part of open source security and IP policy rules
Legal and security teams can create open source policies and compliance can be checked during the
development process. Lawyers can set license policies, such as blacklisting specific license types and versions,
while security managers can set usage policies such as whitelisting specific open source component versions
that have been reviewed and approved.
Engineering teams can shorten the development time by ensuring compliance with established policy early in the
process. They can easily determine what components are approved so that they use the correct versions in their
work, reducing rework from late detection. When a new module is needed, the system triggers a request process
to ensure that all the appropriate information regarding version, use, license, and vulnerabilities is documented.
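The vulnerability engine section earlier on this page describes matching detected component versions against NVD-derived data with CVE identifiers and severity, and the Policy Manager section above describes license blacklists, version whitelists, role-based alerts and release readiness criteria. The following Python script is an added example of both steps together; it is not Palamida's code and does not use its API. It evaluates an inventory against a vulnerability feed and a policy, tags each finding with the stakeholder who owns it and whether it blocks release, and answers the release readiness question. The feed (with placeholder identifiers of the form CVE-0000-000N, not real CVEs), the policy, the component names and the inventory are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Component:
    name: str
    version: str
    license: str
    path: str  # where the detection engine found it in the code base


@dataclass
class Finding:
    component: Component
    owner: str       # stakeholder who receives the alert: "security" or "legal"
    rule: str
    detail: str
    blocking: bool   # whether the finding fails release readiness


def parse_version(v: str) -> Tuple[int, ...]:
    """'3.2.1' -> (3, 2, 1). Parsing stops at the first non-numeric segment,
    so '1.4.2-rc1' compares as (1, 4, 2); good enough for dotted releases."""
    out: List[int] = []
    for part in v.split("."):
        digits = ""
        for ch in part:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        out.append(int(digits))
    return tuple(out)


def is_affected(version: str, record: dict) -> bool:
    """True if version lies in [introduced, fixed); fixed=None means no fix exists yet."""
    v = parse_version(version)
    if v < parse_version(record["introduced"]):
        return False
    return record["fixed"] is None or v < parse_version(record["fixed"])


# Constructed feed in the shape of NVD-style records: one affected version range
# and a CVSS score per entry. The IDs are placeholders (year 0000), not real CVEs.
VULN_FEED = [
    {"id": "CVE-0000-0001", "component": "example-parser", "introduced": "1.0.0", "fixed": "1.4.2", "cvss": 7.5},
    {"id": "CVE-0000-0002", "component": "example-parser", "introduced": "1.5.0", "fixed": "1.5.1", "cvss": 5.0},
    {"id": "CVE-0000-0003", "component": "example-crypto", "introduced": "0.0", "fixed": None, "cvss": 4.3},
]

# Constructed policy: legal blacklists licenses, security whitelists reviewed
# versions and sets the CVSS score at which a known vulnerability blocks release.
POLICY = {
    "banned_licenses": {"GPL-3.0-only", "AGPL-3.0-only"},
    "blocking_cvss": 7.0,
    "approved_versions": {"example-parser": {"1.4.2", "1.5.1"}, "example-http": {"2.1.0"}},
}

# Constructed inventory, as a detection engine would report it.
INVENTORY = [
    Component("example-parser", "1.3.0", "Apache-2.0", "lib/example-parser.jar"),
    Component("example-http", "2.1.0", "GPL-3.0-only", "vendor/example-http/"),
    Component("example-crypto", "0.9", "MIT", "src/third_party/crypto/"),
]


def assess(inventory: List[Component], feed: List[dict], policy: dict) -> List[Finding]:
    findings: List[Finding] = []
    for c in inventory:
        for rec in feed:
            if rec["component"] == c.name and is_affected(c.version, rec):
                findings.append(Finding(c, "security", "known-vulnerability",
                                        f"{rec['id']} (CVSS {rec['cvss']})",
                                        blocking=rec["cvss"] >= policy["blocking_cvss"]))
        if c.license in policy["banned_licenses"]:
            findings.append(Finding(c, "legal", "banned-license", f"{c.license} is not permitted", blocking=True))
        approved = policy["approved_versions"].get(c.name)
        if approved is None:
            # Not in the registry at all: the request process must run before inclusion.
            findings.append(Finding(c, "security", "unregistered-component", "no approved version on record", blocking=True))
        elif c.version not in approved:
            findings.append(Finding(c, "security", "unapproved-version", f"approved: {sorted(approved)}", blocking=False))
    return findings


def route(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Group alerts by the stakeholder who owns them."""
    by_owner: Dict[str, List[Finding]] = {}
    for f in findings:
        by_owner.setdefault(f.owner, []).append(f)
    return by_owner


def release_ready(findings: List[Finding]) -> bool:
    return not any(f.blocking for f in findings)


if __name__ == "__main__":
    fs = assess(INVENTORY, VULN_FEED, POLICY)
    for owner, items in route(fs).items():
        print(f"[{owner}]")
        for f in items:
            print(f"  {'BLOCK' if f.blocking else 'alert'} {f.component.name} {f.component.version}"
                  f" @ {f.component.path}: {f.rule}: {f.detail}")
    print("release ready:", release_ready(fs))
```

The version-range check is the part that most often goes wrong in home-grown tooling: comparing version strings lexically puts 1.10.0 before 1.9.9, and a record with no fix yet must match every version from the introducing one onward. The split between blocking and non-blocking findings is what lets the same inventory serve as a release gate for managers and as a work queue for engineers.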

Adapts to Existing Processes and IT Environments


The software is designed for integration with existing development tools and processes. The Palamida API,
based on the Groovy scripting language, facilitates the integration of the Palamida Enterprise Edition with other
applications, including existing build environments such as IBM BuildForge, IBM Clearcase, Subversion, Borland
Gauntlet, etc. Through such integration, incremental scans can be automatically triggered for specific builds,
ensuring that any new issues are found promptly and can be acted on appropriately.
Palamida Products Portfolio
In addition to the Enterprise Edition, Palamida also provides the Standard Edition and Compliance Edition.
Standard Edition is designed for organizations whose primary concerns are managing vulnerability alerts and
version updates. Compliance Edition is designed for organizations whose primary concerns are intellectual
property issues regarding license compliance and conflicts.

                                Enterprise Edition   Standard Edition   Compliance Edition
Vulnerability Detection Engine         •                    •
Vulnerability Analyzer                 •                    •
IP Detection Engine                    •                                        •
IP Analyzer                            •                                        •
Dashboard                              •                    •                   •
Policy Manager                         •                    •                   •
Integration Framework                  •                    •                   •

Technical Specifications
Server Recommendations:
Hardware:           16 GB memory (32 GB recommended)
                    2.4 GHz or higher CPU
                    64-bit CPU (Intel/Opteron)
                    300 GB disk space
Operating Systems:  Windows XP (64-bit) SP2
                    Windows Vista (64-bit)
                    Fedora Core 7 (64-bit)
                    Red Hat Enterprise Linux 4 (64-bit)
Software:           Java JDK 1.5.0

About Palamida, Inc.


Palamida is the industry’s first application security solution exclusively for Open Source Software that uses
component-level analysis to quickly identify and track undocumented code and associated security vulnerabilities
as well as intellectual property and compliance issues, enabling organizations to cost-effectively manage and
secure mission critical applications and products.

Contact Us
For more information on how Palamida can help your organization mitigate risk and meet both corporate
standards and security and regulatory compliance, contact us at sales@palamida.com or (415) 777-9400 x 123.

215 Second Street
1st Floor
San Francisco, CA 94105
P: 415.777.9400
F: 415.777.5800
www.palamida.com

© 2008 Palamida, Inc. All rights reserved. Palamida and the Palamida logo are trademarks of Palamida, Inc.
All other trademarks and registered trademarks are the property of their respective holders.
