Heres more... -----Original Message----- Fr From: Javier, Jonathan [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 12, 2003 12:33 PM To: '[EMAIL PROTECTED]' Subject: RE: [PH-TechHeads] Open Source and Vulnerability
Hi Johnny. Good timing on this inquiry. I just had a very animated conversation with my regional IS director about the future of Linux. There is a good article about this in Newsweek, I can share a copy if you like. Firstly, Open Source is the IS security auditor's worst nightmare. Anyway, as much as Open Source is about the potential batlle between Linux and Microsoft/Sun -- and Linux utilizing the Open Source mantra to the fullest. It will all be driven by "economics". For the Linux purists, they are embracing the Open Source doctrine and doing it for free. For the "blue suit" companies -- Intel, IBM, Dell -- it is their chance to have more business leverage in dealing with Microsoft/Oracle and thrashing Sun. For the "silent majority" underground programmers, it is their chance to conduct some sort of a guerilla warfare against the big three -- Microsoft, Oracle, and Sun. I also share your issues/concerns about security and putting some level of control -- without neglecting the fact that Open Source is "free" and offer much flexibility. There will be no silver bullet solution into this ..... it will be a cocktail of solutions to address varying concerns/issues. I guess the first question you have to ask is, "What systems are mission critical to your core business?" By knowing this, you will be able to plan your approach and determine if you are willing to embrace Open Source or apply computing environment standards/controls. Mission critical systems must still be secured, controlled, and exclusive. Personally, Linux/Open Source will give me short-term benefits but I will not put my future (or the future of the business) into something that is very vulnerable. Linux/Open Source will always be the "Wild West" of business computing and it will stay that way. That's why, I think Linux/Open Source will rule the Inernet world but will struggle in providing core business solutions. If your core business is about providing services to the rest of the world, then you have to seriously consider the Linux/Open Source strategy. However, you still have to consider building a secured and controlled community. In the case of AstraZeneca, our future is always about discovering new drugs and introducing them to the market the shortest possible time. Our R&D infrastructure is like Alcatraz located in the North Pole. Introducing Open Source to them is like walking to a competitor and giving them the chemical composition of our key products. Linux is the latest craze since Netscape and Dot Coms ..... but the two biggest industry movers -- Microsoft and Intel -- will find a way to deal with this challenge. The above is my take on this issue. Cheers! Jae -----Original Message----- Fr From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 12, 2003 11:14 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [PH-TechHeads] Open Source and Vulnerability I would like to solicit comments and feedback on a hypothesis that I'm looking into. Open Source computing increases security vulnerability due to the way the community actually understands limitations and flaws of the system. As such, vulnerability exploits have a greater probability of happening. At the same time, due to the "underground" nature of open source contributions, we are unable to police its ranks -- plenty of opportunities for lurkers with bad intentions to come in. This is similar to the current Microsoft situation but in a slightly different manner. Microsoft's vulnerability is its popularility. As such, there are more people who are trained to actually use and develop products on their platforms. Thus, you have an army of hackers and crackers just waiting on the sidelines to push the envelope. What's the difference though in protection strategies? For Open Source, we are dependent on the Open Source community at large to try and police or create defensive products to help block off attacks. Unfortunately, this is not a concerted effort due to the non-remuneration model of Open Source. In Microsoft and other branded Unix environments, there is a whole slew of companies whose primary purpose is to create products to defend against attacks. Open Source has become popular due to the "free" nature of the beast. It will catch on further as companies begin to understand how to further exploit it. But, its popularity will also mean its downfall unless we come up with adequate means of protecting the platform. As a CIO, I'm hesitant in plunging head on into a full Linux strategy for industrial-strength and enterprise-class applications and deployment. Cost benefits aside, I'm worried about support issues and vulnerabilities. Yet, I cannot ignore what's happening and need to formulate a strategy for possible Linux acceptance. Given this scenario, I would appreciate any comments, suggestions and thoughts on what you feel about the above. Am I right, did I miss something or is there a silver bullet out there that can help us make better decision on this. Many thanks. Regards, Johnny C. Sy VP - Information Technology ABS-CBN Broadcasting Corporation/ The Communications Group To unsubscribe from this group, send an email to: [EMAIL PROTECTED] Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service < http://docs.yahoo.com/info/terms/> . Yahoo! Groups Sponsor ADVERTISEMENT < http://rd.yahoo.com/M=243066.2784921.4151384.1927555/D=egroupweb/S=17059095 61:HM/A=1377502/R=0/*http://www.verisign.com/cgi-bin/go.cgi?a=b315501132060 04000> < http://us.adserver.yahoo.com/l?M=243066.2784921.4151384.1927555/D=egroupmai l/S=:HM/A=1377502/rand=346737386> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service < http://docs.yahoo.com/info/terms/> . _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
