Is Security Systems Debate Missing Point?
Security has always been a mix of products and process.Open-source advocates championing their approach to software as inherently more secure would use each new vulnerability in Microsofts proprietary Windows software to buttress their arguments. The Code Red and Nimda worms had a feast on unpatched Microsoft Internet Information Services servers last year, while the open-source Apache servers sat untouched. Proof, said advocates, that proprietary systems simply cannot match the speed of hackers in finding new holes. That all changed this summer when a worm called Slapper did a double dip on exploiting the OpenSSL tool kit. So much for open source being more secure simply because its open. As Dennis Fisher explains in this weeks Cover Story, "Open Source: A False Sense of Security?" the arguments over open vs. proprietary system security may be missing the point. Security has always been a mix of products and process. All the coolest security products wont make much of a difference if you havent developed a process for being proactive about IT security and constantly assessing your infrastructure. Of the three big issues in enterprise systems deployment (scalability, reliability and security), security is the issue that open-source and proprietary vendors have not been able to resolve. Read Dennis article to get the best approach to understanding open-source security.
Employees are a companys biggest cost and asset. Making sure you are getting the most value from that asset falls under the term human capital management. In this weeks lead eWeek Labs story, "The Human Touch," Debra Donston looks at HCM and the software programs that help measure and manage the employees and projects that make up a companys lifeblood so that you can get optimum value from the employees contributing to your companys overall health.