This is terrific news for Flexera, our customers and partners. Our business sits at the nexus between the world’s software producers and buyers – repairing the broken software supply chain, which is the most dysfunctional supply chain in all of business today. That dysfunction manifests as risk and cost – to both the producers of software and the enterprises that buy software – as they solve the complex, time-consuming, and expensive problems of ensuring licensing compliance and security from vulnerabilities.
We estimate that the cost to software producers and their customers as a result of the broken software supply chain is many tens of billions of dollars per year globally. And that’s just looking at commercial software. Organizations are only just now beginning to look more closely at the costs and risks of open source – and the scope of the problem is daunting. This acquisition is a natural fit for us, extending our ability to help customers manage the compliance and security risk inherent in the under-managed, uncharted world of open source software components.
Risky, Unmanaged Open Source Software is Everywhere
First, some background will help. Open source software is used extensively by virtually all software developers – whether they are commercial software vendors, intelligent device and Internet of Things (IoT) manufacturers, or developers within other types of enterprises or government agencies that build their own proprietary applications for use in-house or for the benefit of their customers. Despite its ubiquity, open source software is largely unmanaged. Software developers frequently do not know or track which specific open source components (and which versions of them) have been incorporated into their software, whether their use of those components complies with the licensing terms, and whether the components contain known vulnerabilities that attackers can exploit.
You may remember when the Heartbleed vulnerability (CVE-2014-0160) in the OpenSSL cryptography library sent waves of panic rippling through the software industry and enterprises around the world. Software developers didn’t know enough about the open source components used in their own products to tell whether their software was vulnerable – and their customers using that software didn’t know either. The scale of security and compliance risk in open source software is massive – and Flexera is committed to helping our customers reduce that risk in the same way we already do for proprietary software.
Palamida’s Products & Synergies with Flexera Solutions
Palamida’s products come in three editions. Enterprise Edition is for organizations that want an end-to-end solution to approve, scan and track open source and other third-party code in their development projects and to stay current on license, vulnerability and other information about the software they use. Standard Edition, for organizations focusing first on analysis of code content, contains the scanning and analysis features of Enterprise Edition. Governance Edition, for organizations starting their compliance program with a focus on developer disclosure, contains the request and approval workflow features of Enterprise Edition.
Palamida’s products are highly synergistic with Flexera’s solutions, and they will enhance our Software Monetization business processes. Licensing and security are critical to protecting a company’s intellectual property. Copyleft licenses such as the GNU General Public License (GPL) can obligate a producer to release the source of the combined work, so proper management of open source use ensures that proprietary code is not unknowingly put under the GPL. Palamida’s solutions enable our customers to preserve and protect their IP by understanding where and how open source code is used alongside their proprietary code. They also provide customers with a complete Bill of Materials and Third-Party Disclosure list, ensuring they have the proper rights to distribute the open source software used in their product, and they provide valuable traceability for compliance with export control regulations.
In addition, entitlement management gives producers a clear understanding of what customers have access to, for how long (the term), and visibility into what they’re actually using. Palamida’s solutions identify known vulnerabilities in the open source software being used. When software producers update their product to remediate vulnerabilities (patches, upgrades and so on), it is important that they know exactly which customers need the update, and that they have an efficient way not only to deliver these updates but also to track which customers have applied them.
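To make the two preceding points concrete, here is an added illustration of what a minimal open source bill of materials check looks like in practice: flag copyleft-licensed components, match each component version against known-vulnerability advisories, and work out which customers received an affected release. This is example code written for this post; it is not Palamida’s or Flexera’s product code. The component lists, customer-to-release mapping, license policy set and the version-parsing rules are all constructed assumptions; the one advisory entry uses the publicly documented Heartbleed range (OpenSSL 1.0.1 through 1.0.1f, fixed in 1.0.1g).

```python
"""Minimal open source BOM check: license policy + known-vulnerability matching.

Added illustration only (not Palamida's or Flexera's code). All component,
customer and policy data below is constructed for the example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Licenses whose copyleft terms can obligate releasing the combined work's
# source when the product is distributed. Policy set is an assumption.
COPYLEFT = {"GPL-2.0", "GPL-3.0", "AGPL-3.0"}


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license: str


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    component: str
    first_affected: str  # inclusive
    fixed_in: str        # exclusive: first version that carries the fix


_PART = re.compile(r"^(\d+)([a-z]*)$")


def parse_version(v: str) -> Tuple[Tuple[int, str], ...]:
    """Turn '1.0.1f' into ((1,''),(0,''),(1,'f')) so tuples sort in release order.

    Handles dotted numeric versions with an optional trailing letter per part
    (the OpenSSL 1.0.x scheme). Anything else is rejected rather than guessed.
    """
    parts = []
    for piece in v.split("."):
        m = _PART.match(piece)
        if not m:
            raise ValueError(f"unsupported version format: {v!r}")
        parts.append((int(m.group(1)), m.group(2)))
    return tuple(parts)


def is_affected(version: str, adv: Advisory) -> bool:
    """True when first_affected <= version < fixed_in."""
    v = parse_version(version)
    return parse_version(adv.first_affected) <= v < parse_version(adv.fixed_in)


def check_bom(bom: List[Component], advisories: List[Advisory],
              copyleft: Set[str] = COPYLEFT) -> List[Tuple[str, str, str]]:
    """Return (component, kind, detail) findings for one release's BOM."""
    findings = []
    for c in bom:
        if c.license in copyleft:
            findings.append((c.name, "license",
                             f"{c.license} is copyleft; review distribution obligations"))
        for a in advisories:
            if a.component == c.name and is_affected(c.version, a):
                findings.append((c.name, "vulnerability",
                                 f"{a.advisory_id}: {c.version} affected, fixed in {a.fixed_in}"))
    return findings


def customers_needing_update(adv: Advisory,
                             release_boms: Dict[str, List[Component]],
                             customer_release: Dict[str, str]) -> Set[str]:
    """Customers entitled to a release whose BOM contains an affected version."""
    affected_releases = {
        rel for rel, bom in release_boms.items()
        if any(c.name == adv.component and is_affected(c.version, adv) for c in bom)
    }
    return {cust for cust, rel in customer_release.items() if rel in affected_releases}


# Constructed sample data: two releases of a hypothetical product.
RELEASE_BOMS: Dict[str, List[Component]] = {
    "2.1": [Component("openssl", "1.0.1e", "OpenSSL"),
            Component("zlib", "1.2.8", "Zlib"),
            Component("readline", "6.3", "GPL-3.0")],
    "2.2": [Component("openssl", "1.0.1g", "OpenSSL"),
            Component("zlib", "1.2.8", "Zlib")],
}
ADVISORIES = [Advisory("CVE-2014-0160", "openssl", "1.0.1", "1.0.1g")]  # Heartbleed range
CUSTOMER_RELEASE = {"Acme Corp": "2.1", "Globex": "2.2", "Initech": "2.1"}  # constructed

if __name__ == "__main__":
    for rel, bom in RELEASE_BOMS.items():
        for name, kind, detail in check_bom(bom, ADVISORIES):
            print(f"release {rel}: {name} [{kind}] {detail}")
    for adv in ADVISORIES:
        print(adv.advisory_id, "update needed by:",
              sorted(customers_needing_update(adv, RELEASE_BOMS, CUSTOMER_RELEASE)))
```

Running it reports the GPL-3.0 component and the Heartbleed-affected OpenSSL in release 2.1, nothing for 2.2, and names the two customers on release 2.1 as needing the update. A real scan would get the component list from the build artifacts rather than a hand-written table, and the advisory feed would carry many more ranges per component, but the shape of the check (inventory, license policy, version-range match, entitlement join) is the same.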
You’ll be hearing a lot more from us about open source compliance and vulnerability management in the days and weeks ahead! And in the meantime, let us know your thoughts!