I recently received an email from a colleague asking about security and software. It seems to me that the number one issue facing vendors of all types of software is who should pay for losses caused by bad programming.
In fairness, this is probably also the central issue facing open-source suppliers.
I don't expect to see software vendors paying out huge sums to cover the cost of past viruses and worms such as Code Red or Nimda. But looking to the future, tighter liability laws for software should lead to better products.
Of course, improved security would probably entail more time-consuming software development, and in turn more expensive products. The payback could simply come from less fire-fighting in the datacentre, but it might also affect the very future of web services.
At least open-source developers don't need to concern themselves much with the number two issue facing vendors, which is the desire of peers and partners to inspect the source code of security systems. Allowing such inspections to take place wouldn't guarantee fewer security problems, but would be a step in the right direction.
The alternative of distributing flawed software to users and then expecting them to carry out their own repairs using patches does not work well in practice.
Of course, even tried-and-tested products can have serious defects, as shown by the problems with domain-name server software and other internet technologies. Perhaps it comes down to a case of 'better the devil you know'.
One of the most interesting examples of software to pass through VNU Labs recently was VMware's workstation and server virtualisation products.
Like storage virtualisation systems, these tools are designed to increase the utilisation of valuable IT resources. They also hold out the promise of reducing administrative costs.
Server virtualisation products enable a single computer to run several operating systems simultaneously - a capability similar to the server partitioning features in most Unix systems and even IBM mainframes. The software would probably benefit from configurable limits on the allocation of CPU and I/O bandwidth to virtualised servers, and better support for multiprocessor systems, but even as it stands, it makes an interesting option for provisioning backup or even production server systems.
There are products from other sources that can do similar things, and it is certainly early days for this type of software. After all, it's difficult enough to keep some servers running a single operating system.
Having said that, crashes occurring in a 'guest' operating system don't seem to affect the host using the VMware software.
As most of the Unix vendors have only recently begun providing this sort of functionality in their mid-range systems, this appears to be an area where the PC and RISC vendors will compete neck-and-neck for a while.
For its part, Microsoft seems to have left this field for its partners to seed. Unisys, for example, supports the use of eight operating systems simultaneously on its 32-way ES7000 architecture. However, without a unified approach, Windows-based products might take time to gain acceptance.