VMware And salesforce.com Join Forces To Push PaaS To Mainstream Adoption With vmforce

salesforce.com and VMware announced today the development of a joint product and service offering named vmforce. Forrester had a chance to talk to executives at both companies prior to the announcement, and I am quite impressed by the bold move of the two players. Most developers in corporate environments and ISVs perceive the two stacks as two totally different alternatives when selecting a software platform. While the VMware stack, with its Tomcat-based Spring framework, reached mainstream popularity among Java developers with its more lightweight standard Java approach, salesforce.com’s Force.com stack was mostly attractive to developers who liked to extend CRM packaged apps with individual business logic or to ISVs that created new applications from scratch. In some cases, the Java standard and the more proprietary APEX language at Force.com even appeared as competitive options.

I attended the Symantec WorldWide Industry Analyst Conference earlier this week. Here is the "net" of my impressions / takeaways from the event, not necessarily reflecting any specific statements by Symantec.

• Symantec is more pointedly focused on being a security company. Symantec is re-orienting its strategy and position on information protection foremost, with systems management (Altiris, etc) and information management (Veritas, etc) being subservient to that broader mission.

Security took center stage at this event. The storage and availability management portfolio was mentioned quite a lot, especially de-duplication, but most of it was subservient to the broader security context. There was hardly any mention of Altiris solutions until a deep-dive on the second day. Security is certainly Symantec’s strength, even as its Storage and Availability Management portfolio is a major component of its overall revenues and profit.

• Symantec’s articulated unique value proposition is in providing coordinated security in a world of complex threats. Symantec’s management heritage and breadth of portfolio lends itself to this .

As Symantec competes on the plane of security against Kaspersky, LANDesk, IBM ISS, McAfee, Microsoft, Postini/Google, and Trend Micro, that makes sense.

The security of open source software took a small hit this week as Mozilla reported that Firefox currently contains a root certificate authority that has no owner.  The fear being that this is a bogus CA inserted by hackers to provide trustworthiness to malicious sites.

This potentially provides an example of a nightmare scenario the anti-open-sourcers talk about: that hackers can inject back doors or introduce vulnerabilities within the open source development process.

Indeed, Fortify is drawing a rather extreme conclusion to this situation with its European director, Richard Kirk, stating that “this tilts the balance in favour of Microsoft’s Explorer”. That’s a ridiculous claim: in the browser war, this event will not move the needle one way or another. All it’s served to do is get much of the security community (which tends to favor openness) to jump on Fortify. Besides, while good theoretical arguments are made on both sides of the “security of open source versus closed source” debate, in practice it comes down to, well….practice. And it has been shown that one of the best practices is openness: whether closed or open source, an open and transparent disclosure process improves security over time.

I do agree with what Fortify’s Kirk says later, that “The important thing to stress, however, is the need for software security testing to identify and remove vulnerabilities from applications, rather than simply trying to block attacks on software by securing the network.”

Lesson #1: DO use these moments to offer constructive advice by raising awareness of issues and solutions.