
DATA SHEET

Palamida Compliance Edition


The First Application Security Solution for Open Source

Palamida Compliance Edition At A Glance
• Targeted towards companies primarily concerned with managing open source license obligations, restrictions, and conflicts
• Includes comprehensive detection techniques to protect against IP violations due to false negatives
• Establishes license policy and review process of open source before inclusion into code base
• Tracks compliance to established policies via IP alerts to protect against unintentional IP infringement
• Creates an audit trail of decisions surrounding open source use

Palamida Compliance Edition is a complete end-to-end solution that identifies, assesses, and manages open source license and copyright to secure the intellectual property inside custom-built applications. It is designed for companies whose primary concerns are managing open source license obligations, restrictions and conflicts.

Today’s software developers don’t need to reinvent the wheel. Often, innovation results from combining successful software projects with new components in creative ways. Leveraging open source code reduces costs, accelerates development cycles and enables innovation. In fast-paced development environments, assessing risks associated with using third-party intellectual property is easily overlooked.

By creating visibility into open source software use, Palamida Compliance Edition helps software engineering and legal teams manage their open source software use effectively:
• Document Your Open Source Usage: Ensure rapid and accurate analysis of custom-built applications, provide an inventory of open source components and their location within your code base, and report on associated license and copyright information.
• Assess Your Exposure to Risk: Provide a reliable framework for IP stakeholders to receive IP alerts as they arise, assess violations against established policies, and document the decisions around remediation.
• Manage Compliance and Collaboration: Assist in establishing procedure, implementing license policy and enabling collaboration across organization stakeholders for approval of open source use prior to inclusion inside applications.
Document Your Open Source Usage
IP Detection Engine
Software developers have almost one million popular open source project versions (and counting) to choose
from when building custom applications, an enormous benefit in terms of cost and time savings. However, most
open source use remains undocumented – without formal record of its existence within your mission critical
applications and products. Identifying which components, versions and even partial components have been
actually adopted, after the fact, is time consuming and difficult. Without this level of documentation, it is difficult
for development and legal teams to fully assess the risk level of mission critical applications.
[Figure: At-a-glance enterprise view of IP exposure]

Palamida’s specialized IP detection engine leverages our patent-pending technology to detect the projects, versions and portions of component code that have been used. Detection capability spans binary files, source code, Java namespaces, copyright, license and user-specified search across multiple languages including Java, JavaScript, C#, C/C++, Perl, Python, PHP and Visual Basic. The ability to analyze binary files and archives means that the detection engines can find open source use, even when source code is not available.

Palamida Compliance Edition is capable of scanning source files of all kinds: .c, .h, .cpp, .hpp, .cxx, .java, .js, .pl, .pm, .php, .py, and .vb. If source code is not available, the software can detect licenses, Java namespaces, binary files, copyright text, and even text files as part of its identification of open source usage.

Specialized engines for open source license and copyright detection help pinpoint issues specifically around intellectual property risk management. Applying a massive multi-pattern search technology to open source licenses, the software is able to identify license text and associate the correlating product files to the matches. Copyright detection finds copyright notices in code files to enable quick identification of parts of the code base not owned by your company. It also enables users to sort and categorize the code base by unique copyright holders – something very difficult to do in manual analysis or using simple in-house tools.

CodeRank™ is a patented system for classifying open source code snippet matches. By evaluating snippets on multiple levels – uniqueness, coverage, and clustering – CodeRank lists the most relevant matches first.

The IP detection engine leverages the industry’s largest index of open source software identifiers and specialized databases to provide project detail, license, and copyright information. The index is continuously growing and currently includes signatures for:
• 884,000 versions of open source projects and associated licenses
• 8 billion source code fingerprints
• 500 million files
• 13 million Java namespace names
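The license-text and copyright-notice detection described above, as an added example that is not part of the datasheet and not Palamida’s engine: a small Python scanner that walks a source tree, pulls copyright holders out of file headers, matches a handful of license phrases, and groups the code base by holder so files not owned by the company stand out. The sample tree, the three-entry license pattern set and the company name "Example Corp" are constructed for illustration; a real engine would use a large signature database and also look inside binaries and archives.

```python
"""Toy copyright-notice and license-text detector over a source tree.

Added example, not Palamida's engine. File contents, license phrases and the
company name are constructed; binaries and archives are skipped here.
"""
import os
import re
from collections import defaultdict
from typing import Dict, List

# Source and text file types the scanner looks at (the page's list plus .txt).
SCANNED_EXTENSIONS = {".c", ".h", ".cpp", ".hpp", ".cxx", ".java", ".js",
                      ".pl", ".pm", ".php", ".py", ".vb", ".txt"}

# A tiny stand-in for a license signature database: every phrase listed for a
# license must appear in the file for that license to be reported.
LICENSE_PATTERNS = {
    "GPL-2.0": [r"GNU General Public License", r"version 2"],
    "MIT": [r"Permission is hereby granted, free of charge"],
    "Apache-2.0": [r"Licensed under the Apache License, Version 2\.0"],
}

# Matches "Copyright (c) 2006-2008 Holder", "Copyright 2005 Holder", "(C)" variants.
COPYRIGHT_RE = re.compile(
    r"copyright\s*(?:\(c\)|©)?\s*"
    r"(?P<years>\d{4}(?:\s*[-,]\s*\d{4})*)?\s*,?\s*"
    r"(?P<holder>[^\n*/<]+)",
    re.IGNORECASE,
)


def _clean_holder(raw: str) -> str:
    """Drop the 'All rights reserved' tail and stray punctuation."""
    raw = re.split(r"all rights reserved", raw, flags=re.IGNORECASE)[0]
    return raw.strip().rstrip(".,").strip()


def scan_file(path: str, text: str) -> Dict[str, object]:
    """Return the copyright holders and license ids found in one file."""
    holders: List[str] = []
    for m in COPYRIGHT_RE.finditer(text):
        holder = _clean_holder(m.group("holder"))
        if holder and holder not in holders:
            holders.append(holder)
    licenses = [lic for lic, phrases in LICENSE_PATTERNS.items()
                if all(re.search(p, text, re.IGNORECASE) for p in phrases)]
    return {"path": path, "holders": holders, "licenses": licenses}


def scan_tree(tree: Dict[str, str]) -> List[Dict[str, object]]:
    """Scan an in-memory {path: content} tree, skipping unsupported file types."""
    return [scan_file(path, tree[path]) for path in sorted(tree)
            if os.path.splitext(path)[1].lower() in SCANNED_EXTENSIONS]


def group_by_holder(findings) -> Dict[str, List[str]]:
    """Categorize the code base by unique copyright holder."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for f in findings:
        for holder in f["holders"]:
            groups[holder].append(f["path"])
    return dict(groups)


def third_party_files(findings, company: str) -> List[str]:
    """Files carrying a copyright notice from someone other than `company`."""
    return [f["path"] for f in findings if any(h != company for h in f["holders"])]


# Constructed sample tree (hypothetical paths and headers).
SAMPLE_TREE = {
    "src/net/buffer.c": "/*\n * Copyright (c) 2006-2008 Example Corp. All rights reserved.\n */\n"
                        "#include <stdio.h>\n",
    "src/util/md5.c": "/*\n * Copyright (C) 1999 Jane Doe <jane@example.org>\n *\n"
                      " * This program is free software; you can redistribute it and/or modify\n"
                      " * it under the terms of the GNU General Public License as published by\n"
                      " * the Free Software Foundation; either version 2 of the License.\n */\n",
    "lib/json/Parser.java": "/*\n * Copyright 2005 The Apache Software Foundation\n *\n"
                            " * Licensed under the Apache License, Version 2.0 (the \"License\");\n */\n"
                            "package org.example.json;\n",
    "tools/minify.js": "// Permission is hereby granted, free of charge, to any person obtaining a copy\n"
                       "// Copyright (c) 2007 Widget Labs\n",
    "docs/README.txt": "Build notes for the internal image pipeline.\n",
    "build/app.bin": "\x00\x01binary",
}

if __name__ == "__main__":
    results = scan_tree(SAMPLE_TREE)
    for holder, paths in group_by_holder(results).items():
        print(f"{holder}: {', '.join(paths)}")
    print("not owned by Example Corp:", third_party_files(results, "Example Corp"))
```

The inventory a tool like this produces (path, holders, licenses) is what the datasheet’s "document your usage" step needs before any policy check can run; the grouping by holder is the same sort-by-copyright-holder view the text describes.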

IP Analyzer
The nature of code reuse in the open source development model makes accurate identification and the review of
false positive matches tedious.
Palamida’s technology includes multiple automated identification algorithms that enable users to see results
ranging from detailed source code snippet analysis, to reports at the component level. For example, Java™
Auto-inventory, based on a patent-pending Java analysis algorithm and specialized database of 10 million Java
namespace names, provides accurate, automated identification of Java projects and virtually eliminates the need
for manual analysis of source code. Additional point detectors are specifically tuned for the highest levels of
automated identification across all languages.
[Figure: Automated license reports for fast identification of policy violations]

Assess Your Exposure to Risk

Dashboard
Providing relevant information that is appropriate to individual stakeholders across a cross-functional team is challenging. Palamida turns data into actionable and measurable information with an alert-based reporting system that provides pertinent information based on each person’s functional role.

The dashboard provides a centralized view of the documentation, assessment and monitoring of open source use. It provides IP alerts and allows users to drill down on details and assign issues for remediation. For executive managers, the dashboard provides the ability to track IP violations across the enterprise.

Lawyers will see a summary of the inventory of open source components, compliance status, license information, product description, and copyright information to allow for quick remediation before problems arise.

The detailed reports provided are also customizable. Since one size does not fit all, you can set up multiple, customized reports to tailor the information for specific roles in your organization. Reports can be easily and securely distributed to select people when you need to share data.

With policy manager, lawyers make policy decisions that can persist across the organization or be specified as one-time use only. This “smart” functionality fuels efficiency gains over time as the number of policy rules expands, saving legal teams and managers valuable time in reviewing licenses and usage criteria that have been previously reviewed.

Manage Compliance and Collaboration


Policy Manager
Preventing undocumented code from entering a code base is more cost-effective than remediating associated
problems after application deployment. Palamida Compliance Edition allows managers to establish IP policies based
on the business requirements of their organizations. Final inventory of open source software and associated IP
intelligence can even be included as part of release readiness criteria before application deployment.
Policy manager allows lawyers to put in place license policies that can be audited for compliance during the
development process. Legal teams can set policies, such as blacklisting specific license types and versions,
mandate conditions of use, and track acknowledgment of use conditions by engineering teams.
Using policy manager, engineering teams can shorten the software development lifecycle. They can easily
determine what components are approved so that they use the correct versions in their work. When a new
module is needed, the system triggers a request process to ensure that all the appropriate information regarding
version, use, and license is included.
The request can be automatically compared to a company’s customized policy of approved and unapproved
components and even licenses, providing an instant approval or denial. For components not previously
authorized, the request is forwarded to appropriate managers for review. The request arrives with a rich set of
information that allows managers to make proper legal decisions and enables them to compare the current
request against past projects and existing IP policies. An approval or denial can be quickly issued or sent back for
more information. With visibility of all requests, managers can set the IP policy for each project, track all in-bound
components and analyze compliance against existing policy.
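The request workflow described in the Policy Manager section, as an added example that is not part of the datasheet and not Palamida’s API: a request naming component, version, license and intended use is compared to a policy of blacklisted licenses, blocked versions and pre-approved versions; it is approved or denied instantly, or routed for review, and every decision lands in an audit trail so a later request for the same component can be compared against the earlier decision. The policy, component names, versions and the license id "EXAMPLE-NOCOMMERCIAL" are constructed for illustration.

```python
"""Toy policy-manager check: approve, deny, or route a component request for review.

Added example, not Palamida's own API. Policy, components, versions and license
identifiers are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class ComponentRequest:
    project: str       # project asking to use the component
    component: str     # open source component name
    version: str
    license: str       # license identifier declared for that version
    usage: str         # intended use, e.g. "linked" or "modified"


@dataclass
class Policy:
    denied_licenses: Set[str]                       # never allowed ("blacklisted")
    approved_versions: Dict[str, Set[str]]          # component -> pre-approved versions
    conditions: Dict[str, str] = field(default_factory=dict)        # license -> use condition
    denied_versions: Dict[str, Set[str]] = field(default_factory=dict)  # component -> blocked


@dataclass
class Decision:
    outcome: str                 # "approved", "denied" or "review"
    reason: str
    condition: Optional[str] = None
    decided_by: str = "policy"   # "policy" for automatic decisions, else a reviewer


def evaluate(req: ComponentRequest, policy: Policy) -> Decision:
    """Automatic comparison of one request against the customized policy."""
    if req.license in policy.denied_licenses:
        return Decision("denied", f"license {req.license} is blacklisted")
    if req.version in policy.denied_versions.get(req.component, set()):
        return Decision("denied", f"{req.component} {req.version} is blocked by policy")
    condition = policy.conditions.get(req.license)
    if req.version in policy.approved_versions.get(req.component, set()):
        return Decision("approved", f"{req.component} {req.version} is pre-approved", condition)
    # Not previously authorized: forward to a manager with the request details.
    return Decision("review", f"{req.component} {req.version} not authorized before", condition)


class AuditTrail:
    """Records every decision so later requests can be compared against past ones."""

    def __init__(self) -> None:
        self.entries: List[Tuple[ComponentRequest, Decision]] = []

    def record(self, req: ComponentRequest, decision: Decision) -> None:
        self.entries.append((req, decision))

    def prior_decisions(self, component: str, version: str) -> List[Decision]:
        return [d for r, d in self.entries if (r.component, r.version) == (component, version)]

    def inbound_components(self, project: str) -> List[str]:
        return [f"{r.component} {r.version}" for r, _ in self.entries if r.project == project]


def process(req: ComponentRequest, policy: Policy, trail: AuditTrail) -> Decision:
    """Apply policy; reuse an earlier manager approval of the same component/version."""
    decision = evaluate(req, policy)
    if decision.outcome == "review":
        earlier = [d for d in trail.prior_decisions(req.component, req.version)
                   if d.outcome == "approved" and d.decided_by != "policy"]
        if earlier:
            decision = Decision("approved", f"previously approved by {earlier[-1].decided_by}",
                                decision.condition)
    trail.record(req, decision)
    return decision


# Constructed sample policy (hypothetical components and license ids).
POLICY = Policy(
    denied_licenses={"EXAMPLE-NOCOMMERCIAL"},
    approved_versions={"libjson": {"1.2", "1.3"}},
    conditions={"MIT": "retain copyright notice and permission text in distribution"},
    denied_versions={"libjson": {"1.0"}},
)


def demo() -> List[str]:
    """Run constructed requests through the policy and return their outcomes in order."""
    trail = AuditTrail()
    reqs = [
        ComponentRequest("payments", "libjson", "1.2", "MIT", "linked"),
        ComponentRequest("payments", "libjson", "1.0", "MIT", "linked"),
        ComponentRequest("payments", "netcrawl", "0.9", "EXAMPLE-NOCOMMERCIAL", "linked"),
        ComponentRequest("reports", "pdfkit", "3.0", "Apache-2.0", "modified"),
    ]
    outcomes = [process(r, POLICY, trail).outcome for r in reqs]
    # A manager reviews the pdfkit request and records an approval.
    trail.record(reqs[3], Decision("approved", "reviewed source and license", None, "manager:alice"))
    # The same version requested by another project is now approved from history.
    later = process(ComponentRequest("billing", "pdfkit", "3.0", "Apache-2.0", "linked"), POLICY, trail)
    return outcomes + [later.outcome]


if __name__ == "__main__":
    print(demo())
```

The deny checks run before the approved-list lookup on purpose: a version that has been explicitly blocked stays blocked even if an older approval for the same component still exists in the policy, and the audit trail keeps the automatic decisions alongside the manual ones so the manager can see what the policy already said when reviewing.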

Adapts to Existing Processes and IT Environments


Palamida solutions are designed for integration with existing software development tools and processes. The
Palamida API, based on the Groovy scripting language, facilitates the integration of the Palamida Compliance
Edition with other applications, including existing build environments such as IBM BuildForge, IBM Clearcase,
Subversion, Borland Gauntlet, etc. Through such integration, incremental scans can be automatically triggered for
specific builds, such as release candidates, ensuring that any new issues are found promptly and can be acted
on appropriately.

Palamida Products Portfolio


In addition to the Enterprise Edition, Palamida also provides the Standard Edition and Compliance Edition.
Standard Edition is designed for organizations whose primary concerns are managing vulnerability alerts and
version updates. Compliance Edition is designed for organizations whose primary concerns are intellectual
property issues regarding license compliance and conflicts.

Feature                          Enterprise Edition   Standard Edition   Compliance Edition
Vulnerability Detection Engine            •                    •                    –
Vulnerability Analyzer                    •                    •                    –
IP Detection Engine                       •                    –                    •
IP Analyzer                               •                    –                    •
Dashboard                                 •                    •                    •
Policy Manager                            •                    •                    •
Integration Framework                     •                    •                    •
(• = included, – = not included)

Technical Specifications
Server Recommendations:
  Hardware:           16 GB memory (32 GB recommended)
                      2.4 GHz or higher CPU
                      64-bit CPU (Intel/Opteron)
                      300 GB disk space
  Operating Systems:  Windows XP (64-bit) SP2
                      Windows Vista (64-bit)
                      Fedora Core 7 (64-bit)
                      Red Hat Enterprise 4 (64-bit)
  Software:           Java JDK 1.5.0
About Palamida, Inc.
Palamida is the industry’s first application security solution exclusively for Open Source Software that uses component-level analysis to quickly identify and track undocumented code and associated security vulnerabilities as well as intellectual property and compliance issues, enabling organizations to cost-effectively manage and secure mission critical applications and products.

Contact Us
For more information on how Palamida can help your organization mitigate risk and meet both corporate standards and security and regulatory compliance, contact us at sales@palamida.com or (415) 777-9400 x 123.

Palamida, Inc.
215 Second Street, 1st Floor
San Francisco, CA 94105
P: 415.777.9400
F: 415.777.5800
www.palamida.com

© 2008 Palamida, Inc. All rights reserved. Palamida and the Palamida logo are trademarks of Palamida, Inc. All other trademarks and registered trademarks are the property of their respective holders.
