McNealy Calls for More Open Standards in Security

In his keynote speech at the RSA Conference, Sun CEO Scott McNealy stresses the importance of open standards in security and has some harsh words for Bill Gates.

SAN JOSE, Calif.—Scott McNealy has seen the future of the security industry and it's not pretty, particularly for security vendors.

McNealy, the chairman and CEO of Sun Microsystems, said in his keynote speech at the RSA Conference here on Feb. 14 that without security technology based on open standards that is built into software and hardware from the design phase, there is little hope of solving security and privacy problems now facing enterprises and PC users.

An hour after Bill Gates used his keynote slot to demo a series of security enhancements coming in Windows Vista, McNealy scolded Gates and Microsoft for trying to "bolt on" more features to Windows to fix a security problem that he sees as Microsoft's own doing.

"Vista security is bolt-on. You can't just all of a sudden take the Windows hairball and decide you're going to secure it with bolt-on services," McNealy said in an interview after his speech. "You can't do that if you don't start with a trusted core. It has to be a holistic approach. [Microsoft] has the curse of a huge installed base [using an operating system] that was not done correctly."

McNealy said that if companies such as Sun, Microsoft, IBM and others do their jobs correctly in the years ahead, there won't be much need for the hundreds of security companies vying for attention on the crowded show floor.

"You shouldn't have an aftermarket for airbags and seatbelts," McNealy said.

To contrast Sun with Microsoft, McNealy spent much of his time on stage laying out what his company has been doing to integrate technology features into its software and hardware in the past few years.

He pointed out the cryptographic functions in Sun's microprocessors, the Trusted Extensions for Solaris and the myriad protections integrated into Java.

He also announced a new hardware security device, the Sun Cryptographic Accelerator 6000. The card is designed to help speed up processor-intensive cryptographic operations, and is due for release in the spring.

In order for enterprises to get their arms around the security problems they face every day, McNealy suggested that IT managers and CIOs question vendors about their support for various open standards and insist on products that use them.

"Open software and standards is how we're going to solve this security problem. It's going to get scarier if we don't come up with some rules and technology to protect data and privacy," he said.

"There's not enough genetic diversity on the desktop, thanks to the recent monopoly that will go unnamed. Because we're partners now, you know.

"You wonder why you have a security problem; you wonder why you can't certify your systems. [By having to install patches so often] you're changing the configuration in your data center by the minute," McNealy added. "There is not enough standardization."

McNealy said that the computer industry, including Sun, deserves much of the blame for allowing the security problem to grow into such a massive issue.

"I always argue that the PC industry is more screwed up than any other industry besides health care, and they kill everyone eventually," he said. "So the bar is fairly low."
