San Francisco-based Palamida first came to many people’s attention during SCO’s legal pursuit of organisations that it said had illegally used its code.

As a startup specialising in inspecting code for potential infringements through knowledge libraries and detection tools, Palamida received plenty of attention. The company also attracted broader interest for its ability to sift code in order to mitigate against the risk of violations that could lead to embarrassment and even legal liability at a later point.

The SCO furore might have died down, says Palamida chief executive Mark Tolliver, but the bigger issue of mixing and matching code from various sources has not gone away.

“I don’t know when the last time was I discussed SCO,” says Tolliver, a former Sun Microsystems executive. “It’s not particularly relevant to today’s world, but one of the outcomes of the rise of open-source software is that you have less visibility as to what’s in your code.”

That is even the case for software companies, especially at this time of market consolidation.

“If you’re buying or selling software companies, there’s a large question as to what you are buying and how to value that,” says Tolliver. He adds that Palamida frequently gets involved in the nitty-gritty of deals, and often turns up surprising omissions in the declarations of what code bases contain.

“In one deal, the target company had disclosed [code from] three open-source products and our work showed 98 products,” he recalls. “In our experience it’s zero malicious intent, just poor record-keeping.”

Aside from that core activity, Tolliver sees wider applicability for Palamida’s ability to identify rogue code. “There are three areas where we tend to get involved,” he says. “First, mergers and acquisitions; second, internal development by commercial software companies; and third, the general category of IT governance, for example where I’m a large bank and I want to know when my development team is using a piece of code we didn’t write. Alternatively, you might have a company tracking code around its own shops for charging back or meeting code reusability goals.”

Often it will be open-source code that is being uprooted, but not always. “Once you have a powerful search tool you can keep generating huge libraries of open-source projects but you can also look at copyrights and company names that might indicate the presence of commercial code,” he says. “Software is software and we are just as effective on embedded software.”

The IT governance aspect of Palamida’s solution could make it an attractive partner for enterprise management software vendors, and the company has recruited engineers to ensure a good fit with the major framework providers. However, Tolliver insists he is not seeking to sell the company.

“Our job is to focus on creating value,” he says. “Exits and end-games will take care of themselves.”

Indeed, a couple of “flashpoints” lead him to think protecting against IP violations will be a hot topic in 2007. One is the dispute over GPL version 3, the other Google’s acquisition of YouTube. “You will see YouTube stand at the centre of the copyright and digital property argument,” Tolliver says.