HOME ALL STORIES LATEST NEWS COLUMNS OPINIONS EDITORIALS GUEST VIEWS SHORT TAKES DATA WATCH SPECIAL REPORTS ZEICHICK'S TAKE SD TIMES 100 EDITORS' BLOG

RSS FEEDS

FACEBOOK

TWITTER

WHITE PAPERS SPONSORED PROFILES JOB BOARD WEBINAR CENTER FREE SOFTWARE BZ RESEARCH ALMSHAREPOINT EVENTS CALENDAR PRINT/PDF EDITION PRINT/PDF BACK ISSUES

SUBSCRIBE TODAY CUSTOMER SERVICE EDITORIAL CALENDAR EDITORIAL BEATS GUEST VIEW GUIDE SD TIMES 100 GUIDE EVENTS CALENDAR ADVERTISING ARTICLE REPRINTS REPORT A BUG SITE MAP

ABOUT US BZ MEDIA NEWS BZ RESEARCH SYSMANNEWS SPTECHCON ESDC IPHONEDEVCON PRIVACY POLICY CONTACT US

Printable version

HOME >> OPINIONS

Most Read Latest News Blog Resources

Mono brings .NET to Android
At Microsoft MIX, Mono will unveil the ability to port .NET applications to the Android op...

Does Windows cost Microsoft opportunities?
Microsoft's decision to focus .NET on Windows is stifling innovation due to the specter of...

OSBC focus turns to best practices for open-source adoption
Businesses are no longer asking why they should adopt, but how do they use open source leg...

Maven Studio for Eclipse gets developers up to speed
Sonatype tool simplifies onboarding by giving developers a way to easily deploy fully conf...

nVidia updates CUDA tools
Latest version helps developers turn desktops and servers with high-end GPUs into more pow...

Scrum Planning Board adds automation to Axosoft OnTime
Illustrations are also included to assist Scrum-using developers a better view of what the...

Google Code turns 5
Google Code Turns 5, and adds a Paxos Algorithm to make the system more stable and reliable.

Test your Visual Studio 2010 know-how
Microsoft is offering free beta certification exams for Visual Studio 2010.

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.

Overcoming Development Challenges with Open Source Open source software can help you with your application development challenges. It doesn’t...

Accelerate Services and the Cloud Business units, functional groups, and different divisions of companies across industries...

Enterprise Mashup Platforms for Today’s Increasingly Complex and Real-Time Context Enterprise Mashups offer your company a new way to connect data from inside and outside yo...

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

Focus on Security

By SD Times News Team

July 15, 2007 —

First came the announcement last month that IBM would acquire Watchfire, which sells security assessment software. Then HP followed by announcing it would buy SPI Dynamics, another well-regarded software security company.

Industry pundits had been writing for some time that there would be consolidation in this market, which features companies such as Cenzic, Klocwork and Ounce Labs. Any or all of these concerns could be ripe for the picking by Microsoft or Oracle, which as of now do not offer a secure software solution to compete against IBM and HP.

These acquisitions are a signal that software tool providers acknowledge that firewalls, access control lists and other measures are not enough to stop the siege from hackers looking to exploit personal data or to simply lock up a system for the fun of it. These major companies are learning that security is something that needs to be addressed during the creation of code, not a feature to be slapped on at the end.

Preventing access only stops people from getting to your data in ways you expect; writing secure code can cover the entry points you don’t immediately think of, or even see.

IBM already had tight integration with Watchfire in its Rational development life-cycle tools, while HP will incorporate the SPI Dynamics functionality into its former Mercury testing and QA tools. That’s an excellent first step toward securing software, in addition to securing networks and servers.

The harder challenge remains: convincing the people who gather requirements, create models and write code that security is their responsibility as well. Analysts have cited an unchanging culture among developers as a roadblock to security. And vendors have said you can give developers all the tools in the world, but you can’t make them use them.

Well, their bosses can. Now that IBM and HP are providing enterprise-class tools for security assessment, it falls to the development managers and project managers to make sure security is considered at each step—requirements, modeling, code, build, test and QA. They have a harder job than the vendors, but software will always be vulnerable until they get buy-in all along the life cycle.

Purity Isn’t Always Practical
Ideological purity is a wonderful thing, when one is on the side of the angels. Unfortunately, most of us exist in a more workaday world and have learned that ideology doesn’t necessarily make for sound business decisions.

Not everyone agrees with that, of course, as vocal members of the open source community view the world in black-and-white terms. Consider the fuss being raised by some members of the open source community over Microsoft’s ongoing series of deals with Linux distributors. When Novell came to terms with Microsoft last fall, we noted that it looked like the 1939 Molotov-Ribbentrop pact all over again. At the risk of overextending the analogy, Microsoft’s deals with Linspire and Xandros look more like pacts with Horthy-era Hungary and Mannerheim’s Finland. In other words, the users affected are an infinitesimal slice of the pie.

It is clear that Microsoft’s leaders feel threatened by open source technologies. But even the company’s most ideologically committed executives and managers recognize that the cat is out of the bag, and Microsoft is now willing to work with the open source community, whose money is just as green as anyone else’s. Microsoft is cutting deals with companies because it’s used to dealing with businesses, not amorphous communities.

But, as cynical and jaded as we are, we don’t see a downside from these arrangements affecting end users, or the open source community as a whole. Like it or not, Windows interoperability is a must, and dealing with Microsoft is a must, if Linux is going to continue to grow as a broad business technology.

Share this link: http://www.sdtimes.com/link/30934

Security is the focus of latest Curl platform update A beta release of the RIA platform now allows administrators to allow or disallow privileges for end users, and unprivileged applications can store data on local disks. The beta will be available at the Web 2.0 Expo.

Micro Focus and Microsoft focus on COBOL modernization Micro Focus will integrate its trio of COBOL modernization products with the full Microsoft stack, including BizTalk Server, the .NET Framework, SCOM, SQL Server, and Windows.

RSA keynote: Lack of security in the cloud breeds distrust Experts say that until cloud security standards mature and are adopted more widely, adoption will be tepid

Add comment

Name*
Email*
Country

Comment
Preview

News on Monday
more>>
SharePoint Tech Report
more>>

Download Current Issue
ISSUE 3/15/2010 PDF

Need Back Issues?
DOWNLOAD HERE

Receive the print Edition?

Google Code turns 5
Google Code Turns 5, and adds a Paxos Algorithm to make the system more stable and reliable.
03/17/2010 11:16 AM EST

Test your Visual Studio 2010 know-how
Microsoft is offering free beta certification exams for Visual Studio 2010.
03/17/2010 11:08 AM EST

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.
03/16/2010 01:10 PM EST