> Let's say that an organization wanted to prohibit open source. How would you go about it?

As others have noted, this is a bigger lift than you might think. The open source revolution means that we're all dependent on it now, whether we like it or not. Your PC, phone, and car all depend on it, and so does z/OS, at least indirectly (think DNS, among other things). Forty years ago, vendors barely spoke to each other; now we OEM and embed each other's products. Same with open source: using random code from an unknown author would have been unthinkable; now it's common.

This change has meant that we have systems that do things that no individual or company would have attempted (and would certainly not have succeeded at), because hey, there's a library to do that XML parsing or whatever, so we can short-circuit that whole part of the effort, yay!

The downside, of course, is things like the log4j vulnerabilities. But I'd also ask how secure that fortress MVS system really was 30 years ago: were those programs all that secure? Had they been subjected to rigorous security analysis? Or was it just that it had very few users, who were connected via 3270s, and were employees who (mostly, hopefully) didn't try to find and exploit holes? If you live deep in a cave, you probably don't need to worry about burglars.

I find myself very conflicted when I think about this, for all of these reasons. It's clear that the tipping point is long past, anyway.
