"Unbreakable" Oracle running with J2EE and Microsofts .Net are two of the most important computing platforms of the 21st century. The problem is that the other important computing environment is cyber-crime—something that unfortunately has more market penetration than any single technology ever will.
Thats one reason eWeek runs the annual OpenHack contest; this years challenge starts this week. OpenHack cant stop hack attempts from occurring, but it helps us provide insight into how and where these attempts occur.
OpenHack 4, this years event, promises to be the most compelling ever. While we dont consider OpenHack a contest between .Net and Oracles application stack, it will help show the strengths and weaknesses of each platform.
Clearly, the stakes are high. Security is the most important "feature" in new computing environments and applications. Its no wonder, considering how much we apparently have lost because of high-tech crime. Most of the estimates, of course, are out of whack. Last spring, a survey by the Computer Security Institute showed that 90 percent of its respondents had security breaches in the prior year, with about 40 percent coming from outside the firewall.
Ive heard stories that some banks have lost $1 trillion over five years because of cyber-crime. The CSI survey said its respondents claimed to have lost $240 billion per year. If cyber-crime were an economy, it would be tremendous. For comparison, the state of California—the worlds sixth-largest economy—has a gross state product figure of about $1.2 trillion.
This leads to three things—a fatalistic attitude among IT professionals who believe theyre going to be hacked no matter what; the high-tech equivalent of malingering, in which IT professionals exaggerate attacks and break-ins; and full-scale marketing by vendors claiming that their products are secure. Ive seen and heard them all.
All we know for sure is that we dont have accurate ways of identifying security flaws until after the fact. Thats where OpenHack comes in.
We applaud Oracle and Microsoft for participating in OpenHack 4. Special thanks also to Extreme Networks for providing gear and being extraordinarily responsive after one of the other networking companies backed out.
Write to me at firstname.lastname@example.org if you want to know which companies are the security wimps that dropped out.