Twitter And My Spring 2010 Schedule

I was traveling for the past couple weeks in the United Kingdom to meet with clients. Following a set of very successful meetings I ran into a bit of trouble. Just as I was planning to return home, a volcano in Iceland erupted and brought air travel in Europe to a standing halt. I had to spend an additional 6 days in London. I never thought I would utter that combination of words; it just goes to show that sometimes truth is stranger than fiction.

(picture credited to AP Photo/Icelandic Coast Guard)

All things considered I can't complain too much.  Obviously it is never fun to have travel plans disrupted or to be away from family longer than anticipated.  But there are far worse places to be stranded than London!  It's a wonderful city.  And I have many clients, colleagues and friends there, so I kept quite busy, and was able to work from Forrester's London office while awaiting the green light to come home.  About a dozen Forrester employees were in a similar situation, and the company did a great job of making sure we were ok and provided much needed support; I'm sure many travelers were not so fortunate.

It is interesting how the web became my constant companion as I made my best efforts to stay productive during the crisis and find my way home. I frequented the travel websites (American Airlines, Marriott), the UK and EU air transport authorities (NATS), news sites (BBC and Sky), and most of all Twitter (#ashtag) to stay up to date on the volcano news and ensure that I had a place to sleep every night, and a seat reserved on the earliest flight home. Turning to Twitter for real-time, crowdsourced news was a real revelation: they often scooped the big news websites, and it provided a sense of community; a lot of us were stuck in this mess together!


Symantec: Looking like a security company again

I attended the Symantec WorldWide Industry Analyst Conference earlier this week. Here is the "net" of my impressions / takeaways from the event, not necessarily reflecting any specific statements by Symantec.

  • Symantec is more pointedly focused on being a security company. Symantec is re-orienting its strategy and position on information protection foremost, with systems management (Altiris, etc) and information management (Veritas, etc) being subservient to that broader mission.

Security took center stage at this event. The storage and availability management portfolio was mentioned quite a lot, especially de-duplication, but most of it was subservient to the broader security context. There was hardly any mention of Altiris solutions until a deep-dive on the second day. Security is certainly Symantec’s strength, even as its Storage and Availability Management portfolio is a major component of its overall revenues and profit.

  • Symantec’s articulated unique value proposition is in providing coordinated security in a world of complex threats. Symantec’s management heritage and breadth of portfolio lend themselves to this.

As Symantec competes on the plane of security against Kaspersky, LANDesk, IBM ISS, McAfee, Microsoft, Postini/Google, and Trend Micro, that makes sense.


Security of open source: Sunlight disinfects, but does it introduce germs as well?

The security of open source software took a small hit this week as Mozilla reported that Firefox currently contains a root certificate authority that has no owner. The fear is that this is a bogus CA inserted by hackers to provide trustworthiness to malicious sites.

This potentially provides an example of a nightmare scenario the anti-open-sourcers talk about: that hackers can inject back doors or introduce vulnerabilities within the open source development process.

Indeed, Fortify is drawing a rather extreme conclusion to this situation with its European director, Richard Kirk, stating that “this tilts the balance in favour of Microsoft’s Explorer”. That’s a ridiculous claim: in the browser war, this event will not move the needle one way or another. All it’s served to do is get much of the security community (which tends to favor openness) to jump on Fortify. Besides, while good theoretical arguments are made on both sides of the “security of open source versus closed source” debate, in practice it comes down to, well... practice. And it has been shown that one of the best practices is openness: whether closed or open source, an open and transparent disclosure process improves security over time.

I do agree with what Fortify’s Kirk says later, that “The important thing to stress, however, is the need for software security testing to identify and remove vulnerabilities from applications, rather than simply trying to block attacks on software by securing the network.”

Lesson #1: DO use these moments to offer constructive advice by raising awareness of issues and solutions.
