Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

3/22/2010
01:19 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Protecode Offers Integration With Development And Application Lifecycle Management Processes

Library IP Auditor analyzes code deposited into the organization's Source Control Management (SCM) library to ensure compliance with the company's established IP policy

Ottawa, ON and San Francisco, CA " March 18, 2010 " Protecode(R), Inc., creator of the world's fastest and most reliable software Intellectual Property (IP) engine, today launched the Library IP Auditor (LA), an extension to the Protecode Enterprise IP Analyzer (EA) product in its flagship product suite of IP assessment tools. The addition of this product is in response to the growing usage of open source and other third-party content in enterprises and the interest in integrating applications with existing development processes.

A key concern of any enterprise " whether it is legal, technical, or business " is the value of its company and products, which depends on the cleanliness of their IP. Protecode LA automatically analyzes any code that is deposited into the organization's Source Control Management (SCM) library to ensure compliance with the company's established IP policy. During analysis, Protecode LA queries the Protecode Global Intellectual Property Signatures (GIPS) database to determine the code pedigree and its associated licensing and copyright obligations. Separate IP policies can be established for specific projects in the library. If violations are detected, an email is sent to the administrator or other predetermined user with appropriate details for action to be taken.

"Using open source and other external software can speed product delivery and save costs; however, injecting any kind of 3rd party code into proprietary software can put the code base at risk," said Mark Driver, Vice President and Research Director, Gartner Research. "With the growing usage of open source in mobile devices, embedded components, the healthcare industry, and the resulting changes in the landscape of software outsourcing, there is a need for IP management to anticipate code contamination and prevent costly legal action."

In addition to LA, Protecode is offering new features in its EA product. This multi-purpose, standalone tool analyzes and identifies all code in a portfolio and produces customizable reports that identify all licensing attributes of the source or object code. These new EA features focus on usability and scalability for large enterprises, making analysis very simple and at the same time highly customizable. Improvements to EA include faster report navigation, customizable user roles and policy management, re-branded client interface and upgrade simplification.

"Whether you're developing your own software, incorporating 3rd party components, or considering a business decision involving software assets, open source code can be introduced at any stage of the software development lifecycle," said Kamal Hassin, Director of Product Management, Protecode. "Companies are finding it difficult to keep track of software components and the associated legal obligations. By integrating IP management with other application lifecycle management processes, license compliance becomes straightforward and efficient. Accelerating innovation doesn't have to be a risky business."

Protecode is an emerging solution sponsor of the Open Source Business Conference, taking place March 17-18th in San Francisco, presenting a paper on "Doing Business in an Open Source World: Practical Measures for Enabling Clean IP" on Thursday, March 18th at 4:00pm. Protecode's products and services will be showcased in the exhibition hall.

About Protecode

Protecode has the world's fastest and most reliable software intellectual property (IP) engine, allowing real-time detection and management of external licensing and copyright issues as they arise. Built for ease-of-use, Protecode makes leveraging open source and third party software a straightforward process for organizations of all sizes. Detect common code early, obtain a bill of materials, understand licensing obligations and achieve mandated IP governance all seamlessly within established workflows. Protecode's portfolio of solutions enables enterprises worldwide to control costs and to dramatically increase and protect software asset value. For more information and to download a free trial please visit us at http://www.protecode.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
More SolarWinds Attack Details Emerge
Kelly Jackson Higgins, Executive Editor at Dark Reading,  1/12/2021
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber,  1/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7343
PUBLISHED: 2021-01-18
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.
CVE-2020-28476
PUBLISHED: 2021-01-18
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configura...
CVE-2020-28473
PUBLISHED: 2021-01-18
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with defa...
CVE-2021-25173
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).
CVE-2021-25174
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).