1) Mark, could you firstly give us an overview of what Palamida is and what are your core services?
A: Software development today results in hybrid applications made up of proprietary, open source and third party components.
In fact, applications developed within the last five years – whether internal or external – include at least 50% open source software (OSS) and other third-party components.
Of that amount, over 1/3 of it is undocumented code.
Palamida provides the industry’s first application security solution exclusively for open source software.
Our in-depth component-level analysis enables organizations to quickly identify and track undocumented code and its associated security vulnerabilities.
Organizations can also utilize our proprietary scanning techniques to pinpoint intellectual property and compliance issues – allowing development teams to cost-effectively manage and secure mission critical applications.
2) What is your most popular product/service and why?
A: Palamida Application Security Enterprise Edition (App Sec EE). The App Sec EE provides a comprehensive, end-to-end solution for requesting, registering, tracking, detecting, analyzing and reporting on open source use.
Organizations rely on this solution to create an open line of communication and transparency in the software development process.
Major stakeholders such as Legal, Software Development, Security, and management teams can get detailed information on open source use, risks, and remediation in one core package.
Our reporting engine, along with our compliance and vulnerability libraries are the industry’s largest and most detailed, providing:
· 884K versions of OSS projects
· 10 million Java namespace names
· 400M binary files
· 7 billion source code signatures
· 878 OSS vulnerabilities alerts
3) What philosophy rules the way you work at Palamida?
A: First and foremost we listen to our customers. This might seem to be common sense but all too often vendors are driven by factors other than customer satisfaction and product usability.
It is critical that Palamida serve the community through our products, services and expertise in the most responsible and in-depth manner.
Our customers are the touch point, providing the direction for where our products and our company in general, needs to go.
We are also known for going the extra mile to ensure that we are delivering more than our customers expect or are used to receiving.
Our core philosophy is to provide application security solutions for open source that help organizations manage its use in a practical and secure manner.
4) What are your views of the open source Sector in general?
A: It is central to how software is built today, and is an unstoppable wave.
In a research paper published in 2006 (Open Source in Global Software: Market Impact), IDC Research called the use of open source “the most significant, all-encompassing and long-term trend that the software industry has seen since the early 1980s.”
Their data also revealed that open source was being used by 71% of worldwide developers, and was in production at 54% of their companies.
Additionally, a similar trend has been highlighted by Mark Driver, Senior Analyst at Gartner Research, who predicts that by 2010, open source products will be well established in 75% or more of mainstream enterprises.
As I mentioned above, over 50% of ALL applications, by lines of code count, are made up of open source. That’s a significant percentage of code and it shows no signs of stopping.
5) Last year, Palamida contributed a column on GPLv3 and why it matters to your company. Has anything changed in the open source world since then?
A: Has anything changed in the open source world? Yes.
The explosive growth of open source use throughout organizations worldwide has led to increased attention, interest and importance in regards to application security.
A large percentage of vulnerabilities reside in the application layer, most of which go undocumented.
Undocumented code, whether proprietary, third party or open source, introduces business, legal and security risks to organizations industry-wide.
As open source and third party component use are at the core of application development, detecting, managing and securing this code should be a priority for any organization concerned about security today.
6) What are your views regarding the purchase of open source companies like MySQL by for-profit companies like Sun Microsystems; what might be some implications for (a) the companies themselves, (b) their partners, (c) their customers? Where do you see Palamida and Open Source by this time next year?
A: I think these purchases are indicative of the fact that major software companies will adopt open source strategies for their products, and do so successfully.
We don’t see this as a bad thing; we see this as proof that the industry is well-established and continuing to grow.
Palamida is focused on our contributions to open source app sec as it is a core component to overall software integrity and stability.
By this time next year we hope that organizations are educated about the benefits of open source use and the risks of undocumented code and that they have enacted education, policy and technology to effectively manage it throughout their global development teams.
7) What tools are essential for your work?
A: My email, PowerPoint and iPhone. Without those pieces of technology, I could not be everywhere I need to be at one time.
8) What sites do you consider as vital for your job?
A: We list all of the sites that we visit regularly (as there are so many) on our blog at http://www.palamida.com/blog
9) Who is the person in the Open Source industry who has inspired you the most and why?
A: I would have to say Tim O'Reilly. He is an influential figure in the open source community who, through the publication of his research and educational resources, has popularized and democratized open source for the masses.