Palamida, a vendor that sells software and services around open-source software security and legal compliance, has named 25 open-source projects companies should not hesitate to use.
All the projects on the list are stable and enterprise-ready, Palamida said.
“If you aren’t thinking about using open-source as part of your development process, you’re putting yourself at a competitive disadvantage,” said Theresa Bui Friday, vice president of product marketing and a co-founder of the San Francisco company.
Palamida thought it wise to distribute the 25 projects over a number of categories, since open source “has permeated up and down the stack,” she said.
The company’s announcement also reflects its changing business strategy.
Today, Palamida’s software scans a customer’s code base, determines which open-source software is in use, and provides information about associated licenses, known vulnerablities and available patches.
But when formed in 2003, the company initially focused on licensing issues, because most of its early customers were software vendors, Friday said: “Five years ago, the management issue was solely around licenses, and license terms and obligations.”
Palamida subsequently began hearing that customers were sending the open-source licensing reports over to their security teams. “We realized these lists were useful to a different organization than IP management,” she said.
Overall Palamida and its competitor Black Duck Software “have been moving into providing a tool for software development,” said Redmonk analyst Michael Coté. “Instead of making sure your open-source code use is healthy from only a legal perspective … the idea is to make sure that your overall use of OSS is healthy.”