From: Crispin Cowan (crispin@private)
Date: Tue Jul 15 2003 - 19:33:45 PDT

  • Next message: Kuo, Jimmy: "RE: CRIME GNU Help"

    Kuo, Jimmy wrote:
    >Also, in AV, I don't have to worry about how I look in this debate, because
    >there is no open source alternative.  Aside from the laughable (and illegal;
    >technology and string information stolen from a Russian AV company) effort
    >passing as Open Source AV, we are a service offerring, not just products.
    >And this is true in much of the security arena.
    That's because the virus problem itself is unique to proprietary 
    operating systems :)
    Caveat: Yes, I know about the few "proof of concept" viruses for *NIX. 
    They are wind-up toys that never propagate effectively.
    >The circumstance where Open Source is good at providing "patches" quicker
    >than the proprietary arena involves the "emergency" scenarios.  And though
    >this is true even for security products, what the "companies" are good at
    >are the regular, mundane updates.  That's the service aspect that you can't
    >buy with Open Source, and that's what's more true in our ("Security") area
    >of expertise.
    It's not free, but you can buy service for open source products. Many 
    companies will sell you service for mundane tasks for open source 
    systems. The above is just false.
    >The issue of owning the source code for the service that you contract out.
    >There has got to be an escrow aspect to the contract where the government
    >can get that source.  That is in every contract that I've seen in a service
    >contract.  The issue then is in how much someone is not doing their job
    >according to the contract.  So, it boils back to the contract.  So, it's not
    >really an Open Source issue.
    Escrow is different from open source. If you had proprietary code 
    provided via contract, and then you wanted to engage a different company 
    for an upgrade, you'd be screwed: you're locked in to dealing with the 
    same contractor, even if you were not particularly pleased with their 
    performance. OTOH, if you had open source licensing terms applied to the 
    bespoke software you contracted for, then you could engage anyone you 
    wanted to subsequently update it.
    Crispin Cowan, Ph.D. 
    Chief Scientist, Immunix

    This archive was generated by hypermail 2b30 : Tue Jul 15 2003 - 19:48:08 PDT