UBM: TECH DIGITAL RESOURCE LIBRARY

Palamida

Palamida is the industry's first application security solution exclusively for Open Source Software that uses component-level analysis to quickly identify and track undocumented code and associated security vulnerabilities as well as intellectual property and compliance issues, enabling development organizations to cost-effectively manage and secure mission critical applications and products.

Our Website: http://palamida.com


Latest Content From Palamida

Whitepaper: Software Assurance Protection: Bridging the Gap in Application Security for Open Source

by Palamida, Sep 01, 2008

Software security in general, and application security specifically, is a significant element of compliance with the laws, regulations, and policies that govern most organizations and their proprietary data. Weak software security can represent, for example, a significant control deficiency in terms of compliance with the Sarbanes-Oxley Act and the Payment Card Industry Data Security Standard, among others. Different teams within an organization have responsibilities for ensuring the security of web and software applications, from engineering teams that write the code all the way to the audit committee of the Board of Directors that must assess compliance to appropriate processes for managing information reliability and security. This paper provides an overview of the need for application security for open source, an often overlooked but critical part of an organization's existing software assurance framework.


Whitepaper: Security Implications of Web 2.0 Services: Undocumented Code and Content is Leaving a Gap in Your Application Security Strategy

by Palamida, Jul 01, 2008

Organizations worldwide are embracing and leveraging Web 2.0 for improved products, services, and overall business strategies. The same Web 2.0 characteristics that enable creativity, productivity and collaboration also make the Web 2.0 ecosystem prone to successful attacks and theft. The Web 2.0 global ecosystem increases the vulnerability of distributed software and exposes it to piracy and abuse, especially in places known for intellectual property neglect. User-friendly open source development technologies (Dojo, Freetype, script.aculo.us) enable masses of individuals to become developers, while not necessarily ensuring that securing the application development process stays a core focus. This can lead to an explosion of defenseless applications that also serve as intermediaries for attacks on enterprises. With communal software ownership, hackers have easy and free access to attack and theft enablers.


Whitepaper: How to Lower Your Total Cost of Ownership of Open Source: What IT Executives Need to Know

by Palamida, Jun 01, 2008

IT executives at leading organizations have become aware of the need to shift their organizations from cost centers to profit centers by aligning their mission with business requirements and operations. In doing so, they have ensured that their teams are valuable business partners and instrumental in enhancing revenue and profits. One key technology enabler in this new role has been the use of open source software in internally developed applications for competitive advantage. Today, developers increasingly use open source software components to provide critical functionality inside these applications in order to meet tight deadlines with smaller budgets.

Open source has the potential to save an organization from $164K for small projects to $4.3M for large projects in development and QA resources. IDC has called the use of open source the most significant, all-encompassing and longest trend that the software industry has seen since the early 1980's. Further illustrating this trend, a 2007 report by Gartner Research predicts that by 2008, 95% of Global 2000 organizations will have formal open-source acquisition management strategies in place to address the challenges and opportunities of open source.

This white paper is for IT executives and their organizations that want to accelerate open source adoption and lower their total cost of ownership of the technology while minimizing the associated security risks.


Whitepaper: What Every Chief Security Officer and Security Savvy Executive Needs to Know about Open Source Software

by Palamida, Jun 01, 2008

An application security for open source strategy requires processes, training and tools. It also requires a partnership between security and engineering teams. The nature of the partnership is based on two key elements. The first element is an accurate inventory of open source components. The second element includes a system to associate the open source projects in use with known and published vulnerabilities, managed by the security team. With new awareness, coupled with robust new tools for open source management, both elements can be addressed and the gap can be easily bridged.

In this White Paper you'll find immediate action items for your team to forge a solid application security strategy. In addition, you'll learn the top ten questions you need to ask key managers about application deployment and management to make sure your Application Security strategy is complete.


Whitepaper: Undocumented Open Source Leaves a Gap in Your Application Security Strategy

by Palamida, Mar 06, 2008

This paper examines the benefits of shifting your security focus to the Open Source Software components in your application layer. The prevalence of Open Source Software in a typical company's software and products, as well as potential security vulnerabilities and possible solutions to undocumented OSS code, are also reviewed in detail.

Application security is more susceptible than ever in today's dynamic application development landscape. Most applications, internal and external, developed within the last five years, include at least 30% open source (OSS) and third-party components. And by 2010, open source products will be well established in 75% or more of mainstream enterprises. While important to a company's bottom line, this increase in OSS usage presents a huge security challenge to organizations industry-wide. The root cause of many application security vulnerabilities lies in the application source code. The problem is that the sheer size of a code base coupled with the number of contributing developers makes it nearly impossible for companies to get an accurate assessment of their software assets, much less a clear understanding of the vulnerabilities associated with the adopted code.


Whitepaper: An Analysis of the Key Market Segments of Application Security for Open Source Software

by Palamida, Mar 06, 2008

This paper will examine four basic market segments of the emerging Application Security Space for Open Source Software (OSS). Included will be a discussion of available tools and strategies for maximizing safe use of OSS during the software development process so as to maintain a high degree of security in a company's critical software applications and products.

The requirement to create and maintain secure applications is a challenging one, requiring detailed understanding of the software development process. In today's software development world, no trend has had a more widespread impact than the use of open source software. Applications built recently (in the last 5 years) are likely to be fifty percent or more comprised of open source software components when measured on a lines of code basis. Open source software is not inherently any more or less secure than other software, but it is more likely to be undocumented. That is, it may have been incorporated into a software application without a review process, and without formal documentation recording its use. Because of this, normal processes of code review, static analysis, and patch updates may not take place, and vulnerabilities may not be addressed. In addition to vulnerability issues, open source software greatly expands the requirement to address the issue of intellectual property infringement since open source software components are licensed under a wide range of terms.

The widespread use of open source code, and the potential that it may be undocumented, has led to the need to address application security in a comprehensive fashion. This paper will address the range of tools available, and will introduce an important new strategy to allow maximum leverage of open source software safely and securely during the software development process.

The rest of this paper addresses the spectrum of technologies that can form the basis of a comprehensive application security strategy for the use of open source, and deliver the benefits of open source software.