At last year's Oracle OpenWorld, Oracle co-president Charles Phillips promised that the annual JavaOne conference, a touchstone event for Java jocks around the world, would continue as a stand-alone conference, though it would be co-located with OpenWorld. A year later, here we are at the annual Oracle show, and I'd have to say that Big O's idea of "co-located" differs a bit from mine.
Renamed JavaOne/Oracle Develop, the event is underway this week in San Francisco, but instead of its traditional Moscone Center home, the show has been shifted to the Hilton San Francisco off of Union Square half a mile away.
I think Robert Mullins described the event and its implications aptly in his blog: "Holding a separate event at a different venue makes it seem like Oracle is seating JavaOne at the equivalent of the kids' table and could feed the concern of skeptics who wondered how well Oracle would support open source software that would be competition for its more profitable licensed software."
The Twitterstream was burbling with mixed reviews of Day One of the new JavaOne event.
John Rizzo of San Rafael, California wrote: "At JavaOne. Even though we have been pushed to a side show Oracle is still spending more on JavaOne than Sun has in a long time." But Palo Alto, California-based attendee Dion Almaer wrote: "JavaOne at the Hilton, not Moscone, is painful. At least it exists, but I will go Devoxx instead :)"
Organizers of the main event, Oracle OpenWorld, are claiming the largest turnout ever, with 41,000 attendees. The annual Oracle show is taking up all three wings of the Moscone Convention Center, not to mention Howard Street between Moscone North and South.
Although none of the top Oracle execs will be speaking directly to JavaOne attendees -- Oracle CEO Larry Ellison and co-president Safra Catz spoke Sunday night at Moscone, and new co-president Mark Hurd is scheduled to speak later this week -- Oracle EVP of Product Development Thomas Kurian will be speaking at JavaOne later this afternoon (Monday). His topic: "Java Strategy and Directions." He's scheduled to "share Oracle's vision for strengthened investment and innovation in Java and describe how Java will continue to grow as the most powerful, scalable, secure, and open platform for the global developer community."
And the content planned for this year's JavaOne… I mean JavaOne/Oracle Develop… looks good. Lots of sessions on Java Enterprise Edition, the MySQL database, the GlassFish Server and other Java tech. And inventor and futurist Ray Kurzweil will be giving a special JavaOne keynote on Thursday morning.
IDC analyst Al Hilwa, who's in San Francisco this week for the event, offered me some perspective on the combined conferences: "I think Oracle's strategy will evolve over time," he told me. "While it's not convenient to be in a separate location, there's just so much you can do at the Moscone. OOW was already the biggest thing happening here and way overstretched even before JavaOne, so it's clearly not an ideal situation. Oracle has to figure out how important for them it is to have these things at the same time. In my opinion, the developer audience deserves their own JavaOne developer events, however, it is clearly a tradeoff, because the atmosphere and energy generated by the scale of OOW is almost unique in the industry."
I get that the choice to hold JavaOne at the Hilton is probably about logistics. Both events are biguns and they can't occupy the same space without ripping a hole in the space-time continuum. But it still sucks a little.
More later. Stay tuned.
Posted by John K. Waters on September 20, 2010 (0 comments)
It was a busy week in the City by the Bay, with concurrent conferences filling up a couple of wings of the Moscone Center. While the venerable Intel Developer Forum (IDF), the giant chipmaker’s periodic conference for hardware and software developers, took over Moscone West, a bouncing baby tech show, the AppNation Conference, occupied Moscone North.
The inaugural, two-day AppNation event was billed as the first conference focused on the "app economy." The show featured a fairly impressive lineup of speakers and exhibitors for a newbie. The roster included Google, Fox, Zynga, Microsoft, The North Face, AT&T, GetJar, Mediabrands, Major League Baseball, General Electric, The Wall Street Journal, AKQA, Smule, Sequoia Capital, Accel Partners, Symbian, PepsiCo, JP Morgan Chase, Ogilvy, Lima Sky (pause for big breath), and dozens of others.
In his opening remarks, Drew Ianni, chairman and founder of the event (and former chairman of a digital marketing conference called Ad:Tech), shared some AppNation research, which predicts that a million mobile apps will be available for download by 2012.
"It's this ecosystem and economy that's sort of sprung out of nowhere," Ianni said. "It's a huge potential market. It's also a revolution."
San Francisco's Mayor, Gavin Newsom, was on hand to welcome an estimated 1,200-plus attendees to the event. Among other things, the Mayor announced that he would be issuing a challenge to developers to make the official Gavin Newsom app for his campaign for Lieutenant Governor.
Some interesting stats came out of this show, as Jonathan Carson, CEO of the Nielsen Company's Telecom Practice (yup, the TV ratings guys), rolled out the results of an ongoing mobile computing study, dubbed "The Mobile Apps Playbook." The results reported at the show are based on an August survey of more than 4,000 mobile subscribers who reported downloading an app in the previous 30 days.
According to the study, 91 percent of respondents said they would be willing to pay for a game; 86 percent said they would be willing to pay for an "entertainment" app; 84 percent would pay for map or navigation apps; 82 percent would cough up for productivity apps; 77 percent for "food" apps (whatever those are); and 76 percent would pay for news apps.
"A year and a half ago, the conversation was mostly about iPhone apps and Facebook apps," Ianni said. "But businesses were being transformed by apps. They're turning into the new touch points for brands. And it's a new media distribution channel."
Hmm… And it's still kind of about iPhone and Facebook. According to the Nielsen survey, smartphone app downloaders currently have an average of 27 apps on their phones -- that's up from 22 apps reported in December 2009. Unsurprisingly, users of Apple's iPhones have the largest number of apps on their devices; Android users came in second and BlackBerry users third. And Facebook is the most popular individual application on all three.
Posted by John K. Waters on September 17, 2010 (0 comments)
With the recent sturm und drang around Oracle's stewardship of Java, the upcoming Oracle-sponsored JavaOne conference, and Apple's decision to make some changes to its iOS Developer Program license, it seemed like a good time to mention the blogs of a couple of Java and Open Source vets that are not to be missed.
First, James Gosling, the Father of Java, is blogging again. His observations on Java and related technologies and issues in his On a New Road blog are especially welcome in uncertain times. He knows the tech and the players, he has a clear point of view, and he doesn't pull punches. Love his "Just Free It" Java T-shirt design in his Aug 27 blog.
One of the reasons I'm recommending this blog so highly is that Mr. Gosling's posts generated a lot of responses, so it's more than just a venerable Java jock holding court; it's a conversation.
Next is the blog of Bruce Perens, original author of the "Open Source Definition" and a founder of the Open Source Initiative, the Linux Standard Base, and Software in the Public Interest. The insightful Perens jumped back into blogging after a fairly long absence with some useful posts on the Oracle lawsuit, the Mark Hurd firing and other issues.
I was disappointed to see that he's once again in "head-down mode" developing "some paradigm-changing new software." Check out his recent posts, and help me nudge him back into the blogosphere (he's on Twitter at @BrucePerens).
If you're not reading Tim Bray's "Ongoing" blog, you're missing a nuts-and-bolts gem. Bray is the co-inventor of XML, co-founder of Open Text Corporation and Antarctica Systems, former director of Web tech at Sun, and current Developer Advocate at Google. Often surly (loved his recent reference to JavaOne as an Oracle OpenWorld "appendage"), always on point, full of tech talk, occasional book and tech reviews, and useful links, this is a blog to subscribe to.
Bray is also a prolific and pithy tweeter; be sure to add @timbray to your fav list.
I had thought I might also recommend former Sun CEO Jonathan Schwartz's aptly named "What I Couldn't Say" blog, which I found interesting and entertaining in the wake of the Oracle acquisition. But I hadn't checked it in a while and discovered that the Ponytailed One had stopped posting in March -- but that's also the reason for his absence from the blogosphere. Schwartz blogged this week about his new company, Picture Of Health.
Posted by John K. Waters on September 10, 2010 (2 comments)
I don’t usually spend a lot of time on Apple announcements, because we're sort of enterprise-focused around here. But I can hardly ignore the Cool Cats in Cupertino today. The amount of email I received from companies commenting on Apple's decision to relax its restrictions on cross-platform compilers -- which, if I've got this right, may even allow Flash apps to run on the iPhone -- reminds me that, even in the enterprise, the compute platform is on the move.
In case you missed the announcement, Apple says it will no longer bar developers from using rival programming tools to build apps for the iPhone, iPad, and iPod Touch. The statement read, in part:
…We have listened to our developers and taken much of their feedback to heart. Based on their input, today we are making some important changes to our iOS Developer Program license in sections 3.3.1, 3.3.2 and 3.3.9 to relax some restrictions we put in place earlier this year.
In particular, we are relaxing all restrictions on the development tools used to create iOS apps, as long as the resulting apps do not download any code. This should give developers the flexibility they want, while preserving the security we need.
In addition, for the first time we are publishing the App Store Review Guidelines to help developers understand how we review submitted apps. We hope it will make us more transparent and help our developers create even more successful apps for the App Store….
When Apple released an update of its iPhone developer program license in April, plenty of developers were PO'd about its ban on private APIs and requirement that apps be written in Objective-C, C, C++, or JavaScript, as executed by the iPhone OS WebKit engine.
Needless to say, none of the messages crowding my inbox on this decision were negative. A note from Appcelerator, a Mountain View, CA-based maker of an open source application development platform called Titanium, was typical: "Appcelerator believes this move provides a strong endorsement for developer innovation, reinforces Apple’s long-term platform advantage, and benefits consumers as the ultimate arbiters of quality in the App Store."
You can almost hear the sigh of relief.
And Omar Hamoui, former CEO of AdMob and current VP of Google's product management group, posted what amounted to a cheer on the company blog: "This is great news for everyone in the mobile community, as we believe that a competitive environment is the best way to drive innovation and growth in mobile advertising…," he wrote. Hamoui ought to be cheering. Google spent $750 million on its AdMob acquisition.
It's potentially big news for Adobe, which has been squabbling with Apple over Steve Jobs' adamantine antipathy for Flash. But the company was almost solemn in this tweet on the news: "We are encouraged to see Apple lift restrictions on its licensing terms, giving developers freedom to choose the tools they use."
Apple's decision is particularly good news for the AdMob crowd (no pun intended), but it's also good news for the burgeoning population of developers building mobile apps for consumers -- a market that history shows us is a harbinger of things to come for the enterprise. And let's face it: with rumors swirling around that the FTC might be looking at Apple for anti-competitive practices that restrict rivals in the mobile-ad market in the wake of its acquisition of Quattro Wireless, it might have been Cupertino's only move.
Posted by John K. Waters on September 9, 2010 (0 comments)
The attendance stats coming out of the seventh annual VMworld conference, which wrapped up Thursday in San Francisco, are stunning: more than 17,000 conference goers attended more than 15,000 labs and consumed 102,000 sodas and 27,000 pastries (my contribution to this last one was more restrained this year, thanks for asking). And unseasonable temps in the high 90s!
But the numbers I began to wonder about after VMware unveiled its grand vision for a "new infrastructure" and "IT-as-a-Service" aren't as easy to pin down. (Get the details on these technologies from our sister pub, Virtualization Review. Excellent coverage of this year's conference by Bruce Hoard, Rick Vanover and others.)
Derrick Harris, senior curator in the Infrastructure group at industry analyst firm GigaOM Pro, actually posed the question on my mind in the title of a recently published strategy research paper: "VMware’s Cloudy Ambitions: Can It Repeat Hypervisor Success?"
You'll probably know GigaOM as the biz blog network launched in 2006 by Om Malik. Launched last year, GigaOM Pro provides "real-time expert industry analysis on emerging technology markets." It's essentially a network of savvy IT industry watchers.
I talked with Harris a week before the show, and he described a VMware already embarking on an all-inclusive cloud-computing strategy.
"In the cloud, you have the infrastructure level, the platform level and the software level, and VMware is trying to play in all those areas," he said. "Its solution set covers nearly every layer of the cloud stack, and its server, storage and networking partners fill in the rest, so against any single vendor, VMware continues to be the hands-down favorite for market leader. Which is not to say [it] won't find anyone in its rear-view mirror."
VMware execs took the stage during the conference to describe a new everything-in-the-cloud stack that features an infrastructure layer comprising vSphere, vCenter, vCloud Director and vShield. Above that: a new cloud application platform layer; above that, a new end-user-access-from-any-device-anywhere layer. VMware CEO Paul Maritz declared that the role of the operating system layer in this environment is changing. "The traditional OS won't disappear," he said, "but it's one component that needs to fit into this world."
The big news for developers here is the cloud application platform, called vFabric. Based on the Spring Java development framework, vFabric includes the Apache Tomcat-based app server tc Server, GemFire data management software, the Enterprise Ready Server web server, the newly acquired Hyperic app performance management solution, and the RabbitMQ messaging software.
"VMware wants a situation where the developer writes to a framework -- in this case, the Spring framework -- and the lower level stuff is handled by another group of people and is automated as much as possible," Harris said. "This should be great for developers who have been trying to write applications for a virtualized environment; it frees them from concerns about the operating system, or the database, or other pieces of the stack."
I also talked with Timothy Stephan, VMware's knowledgeable senior director of product marketing, at the show about the IT-as-a-service model VMware was touting.
"In the late 1800s, organizations had a Chief Electricity Officer, who was charged with making sure that the rate and sources of electricity were standardized," he said. "I definitely wouldn't go so far as to say that the CIO is that outdated, but you see how things evolve. This is a utility model we're talking about, and a growing number of our customers are thinking about computing in this way."
I checked in with GigaOM Pro's Harris via e-mail after the show to get his take on the announcements: "In terms of [VMware's] cloud computing strategy around vCloud and its vFabric platform solution, nothing much has changed," he said. "However, Maritz's focus on IT as a service did surprise me a bit, as did the related acquisitions of Integrien and TriCipher [security]. Expanding beyond applications and infrastructure by delivering additional IT processes as services shows that VMware gets the bigger picture. Of course, it also puts VMware in greater competition against management vendors, which could have some interesting implications."
Posted by John K. Waters on September 4, 2010 (0 comments)
The sixth annual VMworld user conference is underway this week in the "city by the bay," and this year's event was accompanied by the usual flurry of product announcements. My inbox is stuffed with vendor messages about new product and service offerings. But if I did a keyword search using "virtualization," I'd surface only about half of them. The keyword this year is "cloud."
It's not surprising that cloud computing would take center stage at this year's event. Competition in the virtualization space has been racing up the stack since the commoditization of the hypervisor.
"My chief concern with the whole cloud conversation is that people plunge into it headlong thinking about infrastructure," says Paul Muller, VP of HP's Software and Solutions organization. "We tend to get a little wrapped up in the how, when all we need to care about is the what. Whether it be virtualized or served up by mice on a treadmill, it doesn't matter, as long as I get my services." (Muller is one of those guys you actually want on a soap box.)
HP is making one of the splashier cloud announcements today (which I'll cover here later). But it won't be alone. The list of product releases at this year's show with "cloud" in the name is long. As the show's sponsor and still the market leader, VMware will take the spotlight, of course. Here are a few other vendors to look for that might not get the press they deserve:
- Analysts at Gartner may be predicting that VMWorld’s share of the cloud management market will decline from 100 percent, which it theoretically commanded until recently, to 65 percent by 2012 -- but this is still their show.
- HyTrust, a Mountain View, CA-based provider of access control and policy enforcement for virtualized infrastructure, unveiled an out-of-the-box integration between the HyTrust Appliance and VMware's vCloud Director. Dubbed HyTrust Cloud Control, it's designed to bring strong authentication, role-based access control, security and visibility to VMware-based clouds.
- Egnyte, a provider of cloud file server solutions, announced its Enterprise Local Cloud (ELC) solution on VMware. The ELC is designed to be deployed as a virtual appliance on any VMware Virtual Machine (VM). It's a merging of virtualization and cloud computing, the company says, that allows organizations to deploy a hybrid cloud storage solution on existing infrastructure, including big iron equipment, low-cost commodity servers or a heterogeneous mixture of the two.
- Nimbula is a Menlo Park, CA-based provider of "cloud operating system technology" that was developed by the company's founders in Cape Town, South Africa. The company plans to launch Nimbula Director, which it describes as "a new class of cloud infrastructure and services system that uniquely combines the flexibility, scalability and operational efficiencies of the public cloud with the control, security and trust of today’s most advanced data centers." Think of it as Amazon EC2-like services behind the firewall.
- BlueLock, a provider of cloud hosting and managed IT services, is announcing a partnership with VMware at the show, and the release of a beta version of a new enterprise-class cloud service. The BlueLock plug-in is designed to enable VMware customers to view and manage private cloud environments and new public enterprise-class cloud service resources in a single interface. Even more surprising: They're not based in Silicon Valley! (You'll find them in Indianapolis, IN.)
- Not every vendor is at the show to announce partnerships with VMware. Abiquo, for example, is focusing on virtual-to-virtual conversion, and citing studies in its PR about VMware losing cloud market share. The Redwood City, CA-based company is a provider of a hypervisor-agnostic, open-source platform for setting up public and private clouds and managing resource allocation. Not only does the company support all major hypervisors, but it supports conversion of virtual machines from one hypervisor to another in any combination.
Posted by John K. Waters on August 31, 2010 (0 comments)
Hewlett Packard is making an aggressive move into the cloud this week with a new all-in-one, turn-key solution for deploying private clouds. Unveiled today at the annual VMworld user conference in San Francisco, HP's CloudStart is designed to get your behind-the-firewall cloud up and running in 30 days.
That's a bold claim, but it works, Paul Muller, VP of HP's Software and Solutions organization, told me last week, because it's built on HP's Converged Infrastructure, a combination of hardware, software and services joined under a common management platform. HP unveiled this set of associated services last year to address what it called "IT sprawl."
Also, CloudStart is delivered via HP's Cloud Consulting Services and combines HP's BladeSystem Matrix with the Cloud Services Automation stack and StorageWorks for data services.
Why the big push into private clouds?
"We hear a lot about the momentum of the off-premises cloud, but there's also an equally aggressive trend toward leveling the playing field in the private cloud," Muller said. "Private clouds give companies a chance to experiment with cloud computing and get used to the idea without having to trust third-party providers. The bottom line is they get greater control when the rollout is within the confines of their firewall."
Underpinning this turn-key, private-cloud infrastructure, Muller said, is something HP calls Cloud Maps, which he described as "engineered, tested and proven" application configurations.
"Infrastructure without an application is just a very expensive way to heat your data center," he said. "Our customers want more than just a raw infrastructure capability, more than just virtual servers being served up on demand. They need those infrastructure services to be tuned for best practices associated with a handful of common, off-the-shelf applications that they want to deploy onto them. We built the Cloud Maps to help ensure that you are deploying and automating the management of applications at a best-practices level."
Cloud Maps are imported directly into client cloud environments, where they build a catalog of cloud services for the business, the company says. HP is offering Cloud Maps for VMware, SAP, Oracle and Microsoft.
HP has partnered with VMware and Carnegie Mellon University in Pittsburgh on a project that employed the CloudStart package to create a private cloud, which the school plans to use as a test bed for its ongoing cloud research. According to the press release, the university is replacing multiple dedicated clusters with a single cloud environment, which it will use to perform simulations, data analyses and for data storage and data-intensive applications.
If you're at VMworld, and you're interested in HP's cloud strategy, check out its Private Cloud Readiness Bootcamp event, which the company calls "a crash course in all phases of deploying, managing and governing a cloud environment." It's scheduled for Thursday, Sept. 2, from 9 a.m. to 11 a.m. at the Westin Hotel.
Posted by John K. Waters on August 30, 2010 (0 comments)
News that Oracle might be dumping OpenSolaris sparked a lively response from the blogosphere this week. The OpenSolaris community is PO'd, to be sure, but for the most part, the bloggers were sober and serious on this topic -- for the most part.
The news broke when Athens, GA-based software engineer and OpenSolaris contributor Steve Stallion published an internal Oracle memo on his Iconoclastic Tendencies blog. The memo lays out Oracle's plans for the open source OS, which include ending open source developers' daily access to builds of Solaris binaries after version 2010.05.
The memo reads, in part: "All of Oracle’s efforts on binary distributions of Solaris technology will be focused on Solaris 11. We will not release any other binary distributions, such as nightly or bi-weekly builds of Solaris binaries, or an OpenSolaris 2010.05 or later distribution. We will determine a simple, cost-effective means of getting enterprise users of prior OpenSolaris binary releases to migrate to S11 Express."
Stallion's comment on this plan is downright poignant: "I can only maintain that the software we worked on was for the betterment of all, not for any one company's bottom line," he writes. "This is truly a perversion of the open source spirit."
Not surprisingly, his post drew numerous comments with many points of view on this issue. I have not been reading Mr. Stallion's blog, but it's on my list now.
Most of the blogging on this news grew out of the memo Stallion published. (The internal Oracle memo was also posted on the OpenSolaris Forum.) The best of these, in my view, is Steven J. Vaughan-Nichols' post on his Cyber Cynic blog: "Oracle Dumps OpenSolaris." I'm a fan of this blog for its insights and unapologetic crankiness. In his recent post Vaughan-Nichols responds directly to Stallion's post: "…[W]elcome to the Larry Ellison school of open-source thought," he writes. "As I'd been trying to tell OpenSolaris developers all along, the god-king CEO of Oracle doesn't give a damn about any open source that doesn't directly benefit Oracle. The moment Oracle acquired Sun, OpenSolaris' fate was sealed."
Great post. Tons of links. Comments piling up.
It's also worthwhile to take a step back and revisit some of the expectations earlier this year about the fate of OpenSolaris. Dana Blankenhorn, who blogs for ZDNet on Linux and Open Source, wrote back in March in a post entitled "Oracle taking back OpenSolaris" that "there's no longer such a thing as Open Solaris, and I think anyone who bought Sun’s promises on building an open alternative to Linux just got punked."
Of course, more than a few people in the OpenSolaris community saw all this coming. (You're not paranoid if Big O really is planning to kill your beloved open source project.) About 350 of them got together to start a new project, dubbed Illumos, which launched officially on August 3. The project aims to create a fully open version of OpenSolaris independent of Oracle.
Evan Powell, CEO of Nexenta, a sponsor of the Illumos project, declared in an August 13 post that his company was ready for Oracle's decision. "We've been planning for this contingency for a long time," he wrote. "We have the team to continue to support customers and partners and to continue our development."
Also check out open-source-maven-at-large Simon Phipps' post on the ComputerWorld UK blog; Phipps sees the Illumos Project as neither a fork of OpenSolaris nor another OpenSolaris distro. "It is in fact a project to create a fully open-source-licensed version of the Solaris operating system and networking consolidation -- the closest Solaris comes to a 'kernel project,'" he wrote. "It's a downstream open source project, happy to contribute upstream but resolutely independent. As such it is a thoroughly good thing and a breath of fresh air."
Phipps is a keen observer of open source trends; I recommend his Wild Webmink blog.
And finally, it's a bit tangential, but you might want to check out Adam Leventhal's announcement in his blog that he is leaving Oracle. Leventhal is a longtime member of the Solaris Kernel Group and will continue to blog at http://dtrace.org/blogs/ahl.
Posted by John K. Waters on August 20, 2010 (1 comments)
No one was really surprised today when Hewlett-Packard announced that it would be acquiring application security solutions provider Fortify Software. Rumors have been bouncing around the Valley for months.
"This was a real contender for the worst kept secret in Silicon Valley throughout the summer," says Fortify's chief scientist (and co-founder) Dr. Brian Chess.
Details of the deal were not disclosed in HP's announcement, and Chess wouldn't talk about them, either. But he did have some things to say about the meaning of the acquisition.
"Since the company was founded, we've been saying that security is going to become part of building software," Chess says. "And now the big guys are saying it, too. In fact, we're coming into HP as part of the group that does application lifecycle management. With this acquisition, I really feel that we've had our vision validated."
HP is getting more than Fortify's vaunted static application security analysis technology (which analyzes app code). The founders and management team are sticking around, Chess says, so HP is adding considerable app security expertise with this deal. Fortify CEO John M. Jack will be running the business from its current San Mateo offices for the time being as a stand-alone entity.
"Long term, we think we're going to find that we have a lot in common with HP," Chess says. In fact, Chess himself worked at HP about a decade ago. "Of course it's a much larger company than the one I left, but I think I know these guys to a certain degree. My memory of the company is that it's made up of a bunch of straight shooters who really value technology."
Fortify was founded in 2003. Its initial funding was provided by Kleiner, Perkins, Caufield & Byers. Earlier this month the San Jose Mercury News published a nice story about the company's early days setting up shop in the Silicon Valley venture firm's basement.
The Fortify acquisition is seen as complementing HP's 2007 acquisition of web-app security firm SPI Dynamics. And HP isn't the only big player adding application security expertise through acquisition. Last summer, IBM acquired Ounce Labs, a Waltham, Mass.-based maker of enterprise source-code security testing software. Big Blue's acquisition of Watchfire in 2007 brought governance, risk management, and security and compliance capabilities to the software development lifecycle.
Fortify focuses on software security at the application layer, which is a longtime target of app security guru Gary McGraw. When he's not writing such books as the now nearly classic Software Security: Building Security In and Exploiting Online Games: Cheating Massively Distributed Systems (with Greg Hoglund), McGraw serves on Fortify's technical advisory board. He's also the CTO of security consulting firm Cigital, which joined with Fortify last year to create a set of best practices for developing and growing an enterprise-wide software security program, dubbed Building Security In Maturity Model.
"We expected this, and it's nice to see it happen," McGraw says.
Cigital actually created the core technology on which Fortify's static analysis products are based, McGraw reminded me, and licensed it to Kleiner Perkins in 2003. "We developed this really early static analysis thing that was consultantware/researchware, and they turned it into a professional software product," he said.
McGraw sees the acquisition as a good thing, and echoes Chess's view of it as validating the build-security-in-the-app strategy.
"The big guys finally care about software security, and they've got the marketing muscle to cause lots of other people to care about it, too," he says. "And that's good for everybody."
McGraw offers an interesting overview of the current software security landscape in an InformIT article, "Software [In]security: Software Security Crosses the Threshold." Worth checking out.
Posted by John K. Waters on August 17, 2010 (1 comments)