Open source vulnerability reporting solution launched
Palamida announced that it has extended the reach of its extensive compliance library and launched a new service, the Vulnerability Reporting Solution (VRS). VRS works seamlessly with Palamida’s code audit compliance solution, IP Amplifier, to identify, prioritize, and report known vulnerabilities within open source code used in customers’ projects.
Existing vulnerability analysis solutions scan customers’ proprietary code to identify potential vulnerability holes due to coding practices such as buffer overflow and similar problems. The VRS complements these tools to further enhance the IT Governance process by both pinpointing the use of open source content and reporting on known vulnerabilities based on aggregated information from many sources.
The VRS is the perfect complement to vulnerability analysis implementations and further extends the breadth and depth of Palamida’s existing compliance library — the industry’s largest and most comprehensive database of its type.
Composed of 3 Terabytes worth of content, Palamida’s library contains over 140,000 OSS projects, 780,000 versions, 7 billion source code snippets, 10 million Java namespaces, 500 million binary file IDs, and Java, C/C++, Perl, Python, PHP, C#, and VB signatures, among other components.
The VRS provides relevant and timely information on open source vulnerabilities by leveraging data from the National Vulnerability Database (NVD), a comprehensive cyber security database sponsored by the Department of Homeland Security, run by the National Institute of Standards and Technology, with Common Vulnerability and Exposure (CVE) data from The MITRE Corporation. The NVD integrates all publicly available US government vulnerability resources and provides references to industry resources for the purpose of assisting with remediation efforts. The NVD currently contains over 23,700 known vulnerabilities in total, 89 US-CERT issued alerts, and 1,900 US-CERT vulnerability notes. There are an average of 19 new CVEs added to the NVD each day.