RE: CRIME Computers vulnerable at Oregon department

From: Andrew Plato (aplato@private)
Date: Tue Sep 24 2002 - 13:26:10 PDT


    Honestly Seth, I really don't think giving the state the source 
    code would do much good?
    
    Most organizations (particularly governments) barely have the
    resources to keep their systems turned on, let alone
    re-engineering their software. Even if these places got the source
    code, they wouldn't know what to do with it.
    
    There are too many other things to worry about. Re-engineering 
    code is not a priority. It's why firms buy commercial products
    in the first place - so somebody else can worry about the 
    software engineering. 
    
    Second, no commercial firm in the WORLD is going to just hand over 
    their intellectual assets to an organization so they can go about 
    using it and expanding upon it and cutting out the maker. If this
    were the case, I GUARANTEE you would see prices of commercial 
    software skyrocket to utterly unobtainable prices. These costs
    would be necessary to compensate for the numerous people who would
    simply steal the source code and go off and make their own products
    and sell them. 
    
    Furthermore, we already HAVE third parties supporting commercial products.
    My firm sells about 50 different technologies from IDSs, firewalls, servers,
    sniffers, etc. We support all those products (in addition to the support
    the manufacturer provides.) And we don't have to own the source code.
    Anitian signs a reseller agreement; as part of that agreement we 
    are licensed to help firms implement and use those technologies. Sometimes 
    that means working directly with the engineering staff at our suppliers
    and helping them improve the product based on our customer's input. 
    
    So, we already have this infrastructure you seek and companies can
    retain their intellectual assets. Why would we un-do this situation?
    What motivation is there to hand over source code when nobody really
    wants it or even needs it?
    
    And your friend, who works at Large Company, answered this question
    perfectly - he already modifies everything, including MS products.
    So why do we need to hand over source code to these people when only
    a handful of people may benefit from it? Why would a firm hand over
    its IP when it would immediately deflate the value of their products?
    
    ------------------------------------
    Andrew Plato, CISSP
    President / Principal Consultant
    Anitian Corporation
    
    (503) 644-5656 office
    (503) 201-0821 cell
    http://www.anitian.com
    ------------------------------------ 
    
     
    
    
    > -----Original Message-----
    > From: Seth Arnold [mailto:sarnold@private] 
    > Sent: Tuesday, September 24, 2002 10:34 AM
    > To: CRIME
    > Subject: Re: CRIME Computers vulnerable at Oregon department
    > 
    > 
    > On Tue, Sep 24, 2002 at 12:30:55AM -0700, T. Kenji Sugahara wrote:
    > > Open Source is great but how about support?  There are legions of MS
    > > trained support people but how about Linux/UNIX trained folks?
    > 
    > I'm afraid you've completely missed the point. :)
    > 
    > Crispin's suggestion of requiring vendors to use Open Source licenses
    > for all software the State of Oregon uses has _nothing_ to do with
    > Unix/Linux vs Windows. Nothing at all. Re-read that last sentence. :)
    > 
    > The state can require their database vendors to supply source code and
    > sufficient license to allow the state to modify it at will. The state
    > can require their billing-form-printing vendors to supply source code
    > and sufficient license to allow the state to modify it at will.
    > 
    > Requiring source code and sufficient license to modify it at will would
    > allow the state to farm out maintenance, upgrades, new features, etc,
    > to third parties, helping to break the buy-in monopoly on software
    > development.
    > 
    > Whether the state would benefit from requiring the same levels of access
    > to operating system source code is another matter. I'm not sure what the
    > State of Oregon would do with Windows source code. Maybe requiring a
    > "source-available" clause in licenses when operating systems are
    > end-of-lifed...
    > 
    > I expect the state would see the most benefit with requiring source from
    > bespoke software.
    > 
    > > Which brings about another question of Open Source - Uniformity.
    > > What do you think the repercussions are of the kind of mods that you can
    > > make in an open source environment?  Most everything can be modified -
    > > and will be. It tends to require a different perspective than out of the
    > > box solutions.  I wonder what IT support is like in that environment?
    > 
    > A friend of mine works for A Large Corporation. He has told me that they
    > modify practically everything in-house. Including Microsoft's stuff.
    > 
    > > In addition, how will software developers react to Open Source and Open
    > > Standards?  Will service contracts work as a business model for SW
    > > developers?  It is sort-of a throwback to the old IBM model of sell the
    > > HW for under cost and then make em pay for the maintenance.
    > 
    > I don't know if maintenance work on software is a significant portion
    > of software revenue or not. If it is, I expect many will react rather
    > poorly. :) If it isn't, it shouldn't matter much...
    > 
    > -- 
    > http://sardonix.org/
    > 
    



    This archive was generated by hypermail 2b30 : Tue Sep 24 2002 - 14:24:38 PDT