October 2007

October 23, 2007

We want you to develop a Cobia module

Developing the Cobia platform has been a learning experience for us here at StillSecure. From the very beginning we wanted other software developers and ISVs to develop and/or port their applications to Cobia. Early on in speaking to these developers it was obvious that Cobia needed an easy way for them to develop to the platform and develop a Cobia-like UI for their applications. We wanted to develop something that would make it really easy to develop to, giving developers a lot of flexibility. We also wanted to allow UI development beyond just a simple web GUI. We wanted a widget-like development environment which would really put the power in the developers' hands.

Yesterday, we announced the release of the Cobia SDK. Developed in close collaboration with the development community already working on Cobia, we think this SDK represents a game-changing event in the Cobia community evolution. If you get a chance, have a look at the SDK documentation. If you work at an ISV who would like to use the power of Cobia to expand the distribution of your product, this SDK could be just the ticket for you.

I am interested in what others think of the concept of the SDK and what you think of the Cobia SDK.  Drop us a line with your thoughts.

October 02, 2007

A realistic view of formerly open source security

Michael Mimoso on Information Security Magazine has a good article reprinted on SearchSecurity.com that talks about how the view of "the community" is changing in open source security.

Michael laments about the days when tools like Snort and Nessus were free as in beer, including the rules and plug-ins for them. But taking a realistic, mature view of business, Michael acknowledges that these tools had to "grow up". Michael puts it in perhaps the clearest language I have seen yet on the subject:

"Well, Nessus had to grow up; Snort too. They've been commercialized by those that built them, and that was inevitable. After all, this is a capitalistic society, and eventually the socialism that is the free software movement just doesn't pay the bills."

Free Software = Socialism? Not sure I would go that far. But words like patent, copyright and license have invaded the communities, and commercial providers of formerly open source and free tools try to walk a fine line between satisfying the user community and keeping a healthy bottom line. Taking the logic to the recent ClamAV acquisition, Michael says it is only a matter of time before the other shoe drops on that one (as I have said from day one). However, one thing I would like to point out is, I don't believe that deal has closed yet. I have heard rumors that there may be some roadblocks which need to be overcome. I guess we will see.

Michael and I are again on the same page in talking about the impact this will have on UTM and other vendors who bundle these products into their own.  The guys at Astaro and Barracuda may play it off as no big deal, but they have to be already thinking about their options. I don't think it is going to be as easy as they make out and will certainly cost them more.

Finally, right in line with our strategy on Cobia licensing, Michael talks about vendors abandoning pure "open source" licenses in favor of a Cobia community type of license. I think over time more and more of the open source tools you use will move to this hybrid model of licensing.

Isn't dual licensed open source software a hybrid?

Matt Asay is probably one of the most vocal zealots in the "religious right" of the Open Source movement. Matt's views, which are well documented, are that if it is not an OSI approved license, it is not open source, Microsoft is the evil empire and that eventually all non-open source software (as he defines it) is headed for the junk pile or museum. So it is no surprise then that he takes issue with Microsoft's Clint Patterson's comments:

"The open-source development model has yet to demonstrate the ability
to support profitable software businesses that can drive the
coordinated research and testing necessary to sustain innovation. Many
in the open-source software community have shifted to hybrid business
models. They are making the same business decisions as any commercial
software company in terms of what products and services to give away,
what intellectual property to protect, how to generate revenue, and how
to participate in the community."


Matt then proceeds to do a lawyer-like point-by-point rebuttal. Of course, though Matt claims all of Patterson's claims are false, even he admits that most of them are at least partially true. Beyond that though, Matt's arguments are the usual zealot's type of drivel. Whether we were talking about open source software or religious extremism, extreme zealots' arguments have certain consistencies across the board. Here is one: When responding to this:

"The open-source development model has yet to demonstrate the ability
to support profitable software businesses that can drive the
coordinated research and testing necessary to sustain innovation"

Matt says while it may be true, who is Microsoft to talk about innovation. Matt, that does not answer the question at hand. And Matt, forgive me for bringing this up, but when you are driving the kind of revenue Microsoft is I don't think they are quite as concerned with it as you are. They have already done their foundational work, Matt. When you have that kind of market cap, you can get away with it.

But my bigger problem is Matt denying that hybrid models are not the trend in open source. Matt narrowly defines hybrid models as cases where source code is not entirely released under an open source license. I don't think that is the issue. I think dual licensed software, which almost every commercial open source vendor is using now (including us here at StillSecure), is a hybrid model. It is the future of open source. The days of wild-eyed hippies preaching free love, free sex and free software are over. Commercial entities who distribute software under an open source license need to be able to monetize their investment in the IP and dual licensing is a way to do it. Also, companies who license their software under GPL, but only make it available to paying customers are violating the spirit if not the letter of the open source license as well.

The bottom line is extremism is a bad thing in just about everything.  There are no absolutes and you can't let your emotions get in the way of common sense when looking at open source software.

October 01, 2007

Who loves virtualization? Your CFO

Virtualization is taking the IT industry by storm and only Moore's law has probably had more financial impact. I was talking with StillSecure CFO, Larry Middle, last week about how well the message about virtualization is reaching CFOs. Larry's very aware of products like VMware because of the dollars it has saved our business. But from what I learned, virtualization isn't yet the hot topic with all CFOs. I would think it would be on the front cover of every magazine directed at IT spending.

If you want to do yourself and your career a favor, anytime you are implementing virtualization make sure you cost out the dollar spend for a full hardware setup for comparison. Don't assume your financial organization will look into it themselves. Make sure the financial case is front and center so the business knows how much money you are saving.

The same applies when using Cobia. Show your financial team the dollar spend benefits of Cobia software with off the shelf Intel/AMD hardware over expensive (and less flexible) proprietary appliances. They'll love your analysis even more if you are running Cobia using VMware or open source Xen. You'll get lots of brownie points and they'll know you are spending the company's money wisely.
