Dark Reading | Products and Releases

Flexera Software Acquisition Tackles Open Source Software Security Risks

Extends license compliance and security capabilities into the under-managed world of open source software components.

ITASCA, IL--(Marketwired - October 27, 2016) - Flexera Software, the leading provider of next-generation software licensing, compliance, security and installation solutions for application producers and enterprises, today announced that it has acquired Palamida, provider of Software Composition Analysis solutions. The financial terms of the acquisition have not been disclosed.

Flexera's business sits at the nexus between the world's software producers and buyers -- repairing the broken software supply chain, which is the most dysfunctional supply chain in all of business today. That dysfunction manifests as risk and cost -- to both the producers of software and the enterprises that buy software -- as they solve the complex, time-consuming, and expensive problems of ensuring licensing compliance and security against vulnerabilities.

"We estimate that the cost to software producers and their customers as a result of the broken software supply chains is many tens of billions of dollars per year globally. And that's just looking at commercial software. Organizations are only just now beginning to look more closely at the costs and risks of open source -- and the scope of the problem is dazzling," said Jim Ryan, Flexera's President and CEO. "This acquisition is a natural fit for us, extending our ability to help customers manage the compliance and security risk inherent in the under-managed, uncharted world of open source software components."

Risky, Unmanaged Open Source Software is Everywhere

Open source software is used extensively by virtually all software developers -- whether they are commercial software vendors, intelligent device and Internet of Things (IoT) manufacturers, or developers within other types of enterprises or government agencies that build their own proprietary applications for use in-house or for the benefit of their customers. Despite its ubiquity, open source software is largely unmanaged. Software developers frequently do not know or track what specific open source components have been incorporated into their software, whether that open source software is in compliance with licensing terms, and whether it contains any software vulnerabilities that can be exploited by hackers.

"Everyone remembers when the Heartbleed vulnerability in the OpenSSL cryptography library sent waves of panic rippling through the software industry and enterprises around the world. Software developers didn't know enough about the open source components used in their own products to understand whether their software was vulnerable -- and their customers using that software didn't know either," commented Ryan. "The scale of security and compliance risk in open source software is massive -- and Flexera is committed to helping our customers reduce that risk in the same way we already do for proprietary software."

Palamida's Products & Synergies with Flexera Solutions

Palamida's products include Enterprise Edition, which helps organizations that want an end-to-end solution to approve, scan and track open source and other third-party code in their development projects and to stay current on license, vulnerability and other information about the software they use. Standard Edition, designed for organizations focusing first on analysis of code content, contains the scanning and analysis features of Enterprise Edition. Governance Edition, designed for organizations starting their compliance program with a focus on developer disclosure, contains the request and approval workflow features of Enterprise Edition.

Palamida's products are highly synergistic with Flexera's solutions. For example, Flexera's Installation solutions are used by most software developers around the world for creating professional and reliable installation packages. Palamida's solutions will create tremendous additional value by enabling those developers to identify open source software and any license compliance and security risks it may contain -- at the time they're packaging up their software into an installation -- before distributing it to their customers or internal users.

In addition, Flexera builds and maintains the world's most comprehensive software vulnerability intelligence database to power its market-leading Software Vulnerability Management solutions. That database can be extended to Palamida's products, extending their current vulnerability management capabilities to make them the most comprehensive Software Composition Analysis solutions in the world for detecting open source security vulnerabilities. Additional synergies are also being explored as Flexera continues to push boundaries in transforming Software Asset Management and Software License Optimization.

"We are extremely positive about this acquisition and we are convinced that it is a win-win for our customers, employees and products," said Mark Tolliver, Palamida's CEO. "Flexera's deep expertise in software license compliance and vulnerability management is exactly what we hoped to find in an acquiring company, and I'm confident that Flexera will invest in our products and take them to the next level. And its significant sales, marketing and channel operations will enable us to shine a global spotlight on Software Composition Analysis and increase our ability to serve customers worldwide."

About Flexera Software

Flexera Software helps application producers and enterprises increase application usage and the value they derive from their software. Our software licensing, compliance and installation solutions are essential to ensure continuous licensing compliance, optimized software investments and to future-proof businesses against the risks and costs of constantly changing technology. Over 80,000 customers turn to Flexera Software as a trusted and neutral source for the knowledge and expertise we have gained as the marketplace leader in licensing, installation and compliance for over 20 years and for the automation and intelligence designed into our products. For more information, please go to:

© 2016 Flexera Software LLC. All other brand and product names mentioned herein may be the trademarks and registered trademarks of their respective owners.

For more information, contact:
John Lipsey