Computerworld

Panel discusses security and purchasing politics

The subject of how to audit an open source-based system for reasons of security came up in a panel session that ended the Govis conference.

The subject of how to audit an open source-based system for reasons of security came up in a panel session that ended the Govis conference.

Particularly significant in the public sector, audit trails are explicitly included as part of common closed source operating systems software, but auditability is not a standard feature of the Linux kernel, noted Mark Pascall of developer 3months.

Audit features have been kept out for the sake of keeping the kernel clean and consistent, says IBM’s Mary Ann Fisher, but “hooks” have been included to bind in appropriate additional software.

Microsoft representative Brett Roberts pointed out that latest versions of Windows are built to verified C2 security standard. The promises of security bolt-ons, he says, show “Microsoft does not have the sole franchise on vapourware”.

Customer organisations would not have to get involved in nitty-gritty development, says Fisher. Applications vendors such as SAP have the requisite knowledge of the open source environment to provide a workable product for the user that does not need such expertise at their level.

Packaged software could, it was suggested, be acquired and the task of tailoring it to particular requirements could be done by members of the open source community.

Stuart Wakefield of NZ Post said he was rather doubtful of the effectiveness of such a scheme.

Igor Portugal of developer Asterisk countered that NZ Post and corporates like it could contribute to raising open systems skills locally by moving in the OSS direction.

Wakefield had earlier given an account of reasons for NZ Post choosing Windows 2000 to succeed its OS/2-based point-of-sale systems after considering Linux in depth, and equally its reasons for taking the OSS route for its messaging middleware. The latter had none of the compatibility problems of the sales applications and peripherals and was a cleaner cost decision, he said.

The relative merit of Microsoft-style intensive “user focus groups” against a looser OSS “community” for firming up features of software was discussed, with the OSS champions suggesting the latter was as effective as the former, particularly given the shorter and more frequent development cycles.

Some delegates detected a political slant to selections, in the sense of preserving independence from US domination and imbalance of exports and imports. Roberts protested that Microsoft generates work locally and is not the “great cash vacuum-cleaner” that it’s popularly imagined to be.

IBM’s Mary Ann Fisher pointed out that a desire by European governments to retain their people’s skills in Europe was as big a motivator as any more basic financial motives or hard political antipathies to US foreign policy.