YOUR FEEDBACK
Immo Huneke wrote: A well written article, an ingenious solution to a real problem often encountere...
Jan. 6, 2009 08:14 AM
Cloud Computing Conference
March 30 - April 1, New York
Register Today and SAVE !..

SYS-CON.TV: How Do You Minimize Unpleasant Surprises in Your Java Code? Guest Nigel Cheshire

2008 East
DIAMOND SPONSOR:
Data Direct
Frontiers in Data Access: The Coming Wave in Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
Intel
Virtualization – Path to Predictive Enterprise
Green Hills
IT Security in a Hostile World
JBoss / freedom oss
Practical SOA Approach
GOLD SPONSORS:
Software AG
The Art & Science of SOA: How Governance Enables Adoption
PlateSpin
Effective Planning for Virtual Infrastructure Growth
Fujitsu
Automated Business Process Discovery & Virtualization Service
Ceedo
Workspace Virtualization
Click For 2007 West
Event Webcasts

2008 East
PLATINUM SPONSORS:
Appcelerator
Think Fast: Accelerate AJAX Development with Appcelerator
GOLD SPONSORS:
DreamFace Interactive
The Ultimate Framework for Creating Personalized Web 2.0 Mashups
ICEsoft
AJAX and Social Computing for the Enterprise
Kaazing
Enterprise Comet: Real–Time, Real–Time, or Real–Time Web 2.0?
Nexaweb
Now Playing: Desktop Apps in the Browser!
Sun
jMaki as an AJAX Mashup Framework
POWER PANELS:
The Business Value
of RIAs
What Lies Beyond AJAX?
KEYNOTES:
Douglas Crockford
Can We Fix the Web?
Anthony Franco
2008: The Year of the RIA
Click For 2007 Event Webcasts
SYS-CON.TV
SYS-CON.TV WEBCASTS
JACKBE The Big A(architecture in AJAX)
INSTANTIATIONS Eclipse Rich Internet Platform with Taylor and Milinkovich
YAHOO! Applying AJAX to Speed User's Journey
ENERJY WEBCAST Java Code Quality Management
APP SERVER SHOOT-OUT with Microsoft, IBM, JBoss, Sun, BEA, and Oracle
TOP LINKS YOU MUST CLICK ON


Security
Successful Open Source Security Is Knowing What to Secure
You can't secure what you don't know you have

By: Theresa Bui-Friday
Aug. 27, 2008 02:23 PM

Imagine the CIO of a consumer bank who thinks he is running 50 Oracle databases, but now finds out that in fact he has 100 databases installed behind his firewall. He doesn't have any idea where the other 50 came from. He doesn't know the name of the vendor(s) supporting them. And he doesn't have anyone on his IT team assigned to managing them. This scenario would be totally unacceptable to anyone.

That CIO would be shocked to hear that a very similar situation is happening today. But it's not undocumented databases that will surprise him. It is undocumented open source software embedded inside externally facing web and software applications.

Spend Small, Think Small
Often times the philosophy of "spend small, think small" prevails for most IT organizations. Unless an organization is adopting a large open source project such as Linux, special resources are not being allotted to the management of open source adoption.

In the past, if developers wanted to incorporate third-party code into their applications, a joint development agreement or in-bound licensing contract would be negotiated. The process would have also included a development manager, procurement lead, and a lawyer.

Today's software development world is complex and fast-paced. Software engineers are under increasing pressure to deliver large, high-quality applications in less time, with fewer resources. As a result, the use of community-based open source software components has become one of the most dominant trends in software development.

To remain competitive, complexity and weighty processes have dropped by the wayside, with many disappearing altogether. In today's world of 24/7 and persistent network access, developers dispersed across multi-national sites can include open source, freeware, public domain, evalware (demos of commercial software), etc., into the code they are writing without triggering the usual checkpoints in the procurement process. Without these controls, the open source software is unlikely to be detected, monitored, and tracked.

As a result, IT organizations are unaware of what exactly comprises their code base.

Published Aug. 27, 2008— Reads 1,073
Copyright © 2009 SYS-CON Media. All Rights Reserved.
About Theresa Bui-Friday
As VP of Product Marketing, Theresa Bui-Friday is responsible for Palamida's positioning, core communications content, go-to-market initiatives, and press and analyst relations team. She has over 12 years' of expertise in the software industry with a focus on emerging technology. Prior to Palamida, Theresa was Director of Strategic Marketing at Cacheon. She was also Director of Enterprise Marketing for Embark.com, which is now Princeton Review, where she held global responsibility for product marketing of the enterprise product lines, including competitive and market evaluation, strategic planning and outbound marketing programs.

LATEST ECLIPSE STORIES . . .
By Eclipse News Desk
Micro Focus has announced the availability of Micro Focus COBOL for Eclipse, encompassing versions of Micro Focus' Net Express and Server Express solutions designed specifically for the Eclipse open source ecosystem. Micro Focus COBOL for Eclipse provides an integrated development en...
By Stefan Besling
Only if you were on the dark side of the moon could you have missed the impact of the iPhone. Its sweeping success has brought mobile services into the mainstream. As the first device to convincingly integrate traditional phone capabilities with Web access, it highlights the multi-chan...
By John Willis
Much like “Web 2.0″, cloud computing was a collection of related concepts that people recognized, but didn’t really have a good descriptor for, a definition in search of a term, you could say. When Google CEO Eric Schmidt used it in 2006 to describe their own stuff and then Amaz...
By David Fredh
It’s time to wrap up the year 2008 - a year of change with Obama, the Olympic Games and the financial crisis. It was also the year when Yahoo said no to Microsoft. 2009 will be all about Cloud Computing: the technological hype has started already but the commercial breakthrough will ...
By Eclipse News Desk
Genuitec has announced the production release of MyEclipse Enterprise Workbench 7.0. The new release, built upon Eclipse 3.4.1/Ganymede, delivers a comprehensive environment for AJAX and Web Services in the Eclipse space. In addition, MyEclipse 7.0 is delivered on top of the Pulse Ecli...
By Maureen O'Gara
There's a new release of OpenSolaris out – OpenSolaris 2008.11 – out a whole three weeks before the end of 2008. There was a 2008.05 release, aka Project Indiana, in May but that wasn’t as commercial or production-oriented as this one. Both run only on x86 machines, not Sun's own...
SUBSCRIBE TO THE WORLD'S MOST POWERFUL NEWSLETTERS
SUBSCRIBE TO OUR RSS FEEDS & GET YOUR SYS-CON NEWS LIVE!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021
Click Here

SYS-CON FEATURED WHITEPAPERS

MOST READ THIS WEEK
By Mike Workman
By Eclipse News Desk
By Cloud Computing News Desk
ADS BY GOOGLE