Vendors: Don't Duck Security Issue

Vendors won't get serious on security until they're liable.

It's good to see customers holding vendors' feet to the fire over security issues. As "Contracts Getting Tough on Security" reports, some large-enterprise customers have begun writing clauses into their contracts with vendors that hold the vendors liable for a security breach, virus attack or any other incident related to the vendors' software.

Although I've never been one to favor giving lawyers more reasons to start the meter running, I also don't think vendors will get really serious about enterprise security until they find themselves jointly liable for security breaches. While vendors will be quick to say they provide only a tool and don't want to be held accountable for the hammer, whether it is used to bang nails or bang heads, that's ducking the issue.

The issue is the need for vendors to make security their No. 1 priority, not only as evidenced by memos to their staffs but also in their products and services. One way to ensure that is to be held accountable for the gap between a product's promise and performance.

Speaking of performance, it is clear from our review of Apache 2.0 ("Apache 2.0 Beats IIS at Its Own Game") that this open-source project is a legitimate contender for corporate-level computing. Probably the most significant aspect of Apache 2.0 is that it is now fully supported for Windows platforms and written in native Windows code. This makes Apache a viable alternative to IIS on Windows platforms and an option with a better security track record than IIS. The Apache Software Foundation continues to be the place where open-source advocates actually get some interesting work done, rather than simply championing the concept of open computing.

The cost of storage continues to fall at heart-stopping rates. The storage requirements for companies continue to increase at nearly equal rates. In between that added capacity and additional storage need lies the requirement to figure out how to back up all that data in the narrowest time frame.

Nothing like a tough computing problem to get our Labs analysts in motion, as this week's article "Extreme Backup" by Senior Analyst Henry Baltazar illustrates. Henry teamed with engineers from Veritas Software's labs to build a system that was able to back up a 2-terabyte data set in less than 1 hour.

If you're in the market for a midrange Unix box and you have some money to spend, now is the time to get a great deal. As Ken Popovich states in this week's article "Unix Vendors Change Tack", vendors are making huge price cuts on their boxes as the high end of the Unix market continues to experience severe drought. Even Sun, which once thought it could avoid that midmarket fray, has realized it must get competitive in that segment if it hopes to continue to be the leader in the Unix box business.

What business changes are you making to stay competitive? Write me at