Second start-up tackles open-source hygiene

San Francisco-based Palamida begins selling software aimed at making sure open-source and proprietary software don't intermingle.

Stephen Shankland, principal writer
BOSTON--A second start-up has begun selling software aimed at making sure open-source and proprietary software don't intermingle.

Palamida plans its public launch here Tuesday at the LinuxWorld Conference and Expo. The company plans to tout its software and announce it has received a $5 million first-round investment from Hummer Winblad Venture Partners and WaldenVC.

The San Francisco-based company is arriving on the scene a year after Black Duck Software, which sells a software package called ProtexIP. At the Linux show, Black Duck announced a new customer, SAS Institute, which with 10,000 employees is recognized as the largest privately owned software company.

Palamida has fewer than 10 employees, though with its new funding, it plans to expand to about 20 in the next half year, said Theresa Bui Friday, who co-founded the company in 2003 with Ray Waldin and Jeff Luszcz.

The company's software--called the Palamida IP Amplifier--works by scanning software for signatures that match known open-source packages, Friday said. The company also is signing deals that let its software scan for proprietary software signatures to ensure that customers aren't inappropriately mixing proprietary software.

The founders all previously worked at the now-defunct software company Cacheon, which was working on software to help companies move their Java programs from one foundation, such as IBM's WebSphere, to another, such as BEA Systems' WebLogic. But in development, the company discovered that a contract employee had used some open-source software in the product.

"We had to go to the original publisher and negotiate stay of relief. We paid him for six months while we architected that out," Friday said. "It was a bigger deal than we thought because it was in the kernel of the product."

Not always a good mix
Though some software licenses permit open-source software to be incorporated into proprietary projects, often there are special provisions that must be followed, and in many cases, mixing proprietary and open-source software is forbidden.

For example, the General Public License, which covers Linux among other popular projects, permits GPL software to be incorporated only within other GPL projects. That leads some to fear that mixing GPL code into a proprietary product might trigger the forcible giveaway and exposure of once-secret software, although most believe a more likely outcome is having to write a replacement for the offending code.

And there can be intermixing problems in the other direction, too. The SCO Group's $5 billion lawsuit against IBM is, at its core, about whether proprietary Unix software was moved into open-source Linux. Although the judge has criticized SCO for failing to produce actual evidence of its claims, SCO has threatened legal action against many Linux customers and has brought one such suit against AutoZone.

Brian Kelly, an intellectual property attorney with Manatt Phelps & Phillips, said a growing part of his practice involves advising clients who are voluntarily or involuntarily starting to grapple with open-source software issues.

"You'll see it, for example, in acquisitions where one technology company purchases another," Kelly said. "The presence or absence of open-source code inside a product is a due-diligence item of growing importance. A lot of times the target (company being acquired) won't know open-source code is in there."

Even though programmers are increasingly aware of open-source licensing issues, there's still a problem because open-source software is simply readily available, Kelly said. "It's so easy for development teams to incorporate it."

Friday wouldn't disclose customers, though Palamida said it had several in the Fortune 500 and its press release carried an endorsement from Michael Poplack, associate general counsel for database giant Oracle.

Palamida's software costs $20,000 per year for companies with up to 20 in-house programmers; $40,000 for those with 21 to 50 programmers; and $60,000 for 51 to 100 programmers. For customers with more, the company negotiates a price, Friday said.