Is Security Systems Debate Missing Point?

Security has always been a mix of products and process.

Open-source advocates championing their approach to software as inherently more secure would use each new vulnerability in Microsofts proprietary Windows software to buttress their arguments. The Code Red and Nimda worms had a feast on unpatched Microsoft Internet Information Services servers last year, while the open-source Apache servers sat untouched. Proof, said advocates, that proprietary systems simply cannot match the speed of hackers in finding new holes. That all changed this summer when a worm called Slapper did a double dip on exploiting the OpenSSL tool kit. So much for open source being more secure simply because its open.

As Dennis Fisher explains in this weeks Cover Story, "Open Source: A False Sense of Security?" the arguments over open vs. proprietary system security may be missing the point. Security has always been a mix of products and process. All the coolest security products wont make much of a difference if you havent developed a process for being proactive about IT security and constantly assessing your infrastructure. Of the three big issues in enterprise systems deployment (scalability, reliability and security), security is the issue that open-source and proprietary vendors have not been able to resolve. Read Dennis article to get the best approach to understanding open-source security.

Employees are a companys biggest cost and asset. Making sure you are getting the most value from that asset falls under the term human capital management. In this weeks lead eWeek Labs story, "The Human Touch," Debra Donston looks at HCM and the software programs that help measure and manage the employees and projects that make up a companys lifeblood so that you can get optimum value from the employees contributing to your companys overall health.

When you are not worrying about managing your human resources, you can always start worrying about your storage resources. In "Blazing an SRM Trail," Evan Koblentz surveys the latest round of storage resource management products and speaks with users about how they are using them.

Application servers are the heart of the Web services infrastructure, and the Java side is about to go through another cycle of change. With the imminent release of the J2EE 1.4 specification, this weeks Labs section includes a Tech Analysis by Tim Dyck on what the 1.4 spec contains. We hope his analysis helps you in sorting out the changes that are in the new release.

Whats your view on open-source security? Write to me at