Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

3/22/2010
01:19 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Protecode Offers Integration With Development And Application Lifecycle Management Processes

Library IP Auditor analyzes code deposited into the organization's Source Control Management (SCM) library to ensure compliance with the company's established IP policy

Ottawa, ON and San Francisco, CA " March 18, 2010 " Protecode(R), Inc., creator of the world's fastest and most reliable software Intellectual Property (IP) engine, today launched the Library IP Auditor (LA), an extension to the Protecode Enterprise IP Analyzer (EA) product in its flagship product suite of IP assessment tools. The addition of this product is in response to the growing usage of open source and other third-party content in enterprises and the interest in integrating applications with existing development processes.

A key concern of any enterprise " whether it is legal, technical, or business " is the value of its company and products, which depends on the cleanliness of their IP. Protecode LA automatically analyzes any code that is deposited into the organization's Source Control Management (SCM) library to ensure compliance with the company's established IP policy. During analysis, Protecode LA queries the Protecode Global Intellectual Property Signatures (GIPS) database to determine the code pedigree and its associated licensing and copyright obligations. Separate IP policies can be established for specific projects in the library. If violations are detected, an email is sent to the administrator or other predetermined user with appropriate details for action to be taken.

"Using open source and other external software can speed product delivery and save costs; however, injecting any kind of 3rd party code into proprietary software can put the code base at risk," said Mark Driver, Vice President and Research Director, Gartner Research. "With the growing usage of open source in mobile devices, embedded components, the healthcare industry, and the resulting changes in the landscape of software outsourcing, there is a need for IP management to anticipate code contamination and prevent costly legal action."

In addition to LA, Protecode is offering new features in its EA product. This multi-purpose, standalone tool analyzes and identifies all code in a portfolio and produces customizable reports that identify all licensing attributes of the source or object code. These new EA features focus on usability and scalability for large enterprises, making analysis very simple and at the same time highly customizable. Improvements to EA include faster report navigation, customizable user roles and policy management, re-branded client interface and upgrade simplification.

"Whether you're developing your own software, incorporating 3rd party components, or considering a business decision involving software assets, open source code can be introduced at any stage of the software development lifecycle," said Kamal Hassin, Director of Product Management, Protecode. "Companies are finding it difficult to keep track of software components and the associated legal obligations. By integrating IP management with other application lifecycle management processes, license compliance becomes straightforward and efficient. Accelerating innovation doesn't have to be a risky business."

Protecode is an emerging solution sponsor of the Open Source Business Conference, taking place March 17-18th in San Francisco, presenting a paper on "Doing Business in an Open Source World: Practical Measures for Enabling Clean IP" on Thursday, March 18th at 4:00pm. Protecode's products and services will be showcased in the exhibition hall.

About Protecode

Protecode has the world's fastest and most reliable software intellectual property (IP) engine, allowing real-time detection and management of external licensing and copyright issues as they arise. Built for ease-of-use, Protecode makes leveraging open source and third party software a straightforward process for organizations of all sizes. Detect common code early, obtain a bill of materials, understand licensing obligations and achieve mandated IP governance all seamlessly within established workflows. Protecode's portfolio of solutions enables enterprises worldwide to control costs and to dramatically increase and protect software asset value. For more information and to download a free trial please visit us at http://www.protecode.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-18661
PUBLISHED: 2021-06-24
Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the url parameter to bbs/login.php.
CVE-2020-21787
PUBLISHED: 2021-06-24
CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.
CVE-2020-21788
PUBLISHED: 2021-06-24
In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php.
CVE-2021-23398
PUBLISHED: 2021-06-24
All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output.
CVE-2021-33348
PUBLISHED: 2021-06-24
An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases.