Archive 20 May 2008 #68
Can Licensing Threaten Availability?
And Check My Vulnerabilities While You're At It.
By William Flanagan, Publisher
There is a broad license situation that came to mind recently because we heard another firm talk about outsourcing core IT functions to "software as a service" or "Web 2 applications" on a vendor's server. The question is, do you have any options to bring those functions in-house if you don't like or can't accept future license terms? How long would a move take and what impact would it have on your business?
You might think you needn't worry about licenses in your own data center, but what if a software vendor decided you weren't properly licensed? Could you have your plug pulled? What might it cost to buy the required license?
OK, it's unlikely a software purchase wouldn't be licensed adequately, at least to start. But after a merger or expansion of the business, who knows? Another, possibly hidden threat arises from re-use of code by a vendor, where that re-used code is licensed differently from the vendor's own software. Many commercial software products contain components drawn from open source code. If you read the fine print in license agreements--even from vendors who champion proprietary software--you might be surprised to note acknowledgments to open sources. Open source code is licensed in many different ways, and often includes obligations on the end users as well as the "re-users" or vendors that include open source code in their products.
If you are concerned, there's a way to check your license obligations to authors of open source code. Palamida (http://www.palamida.com/) has built up a database (reportedly about 5 terabytes) over the past five years. The database matches each version of an application or library to its license terms. The company devised an engine that searches for open source components in your code, then details the license form that applies (GNU Public License, for example).
While identifying the open source components, the Palamida analysis engine also checks the version of each identifiable open source component against the National Vulnerability Database (sponsored by DHS and NIST). The report indicates known vulnerabilities and available updates or patches. Even if you don't fix it yourself, you might want to call the attention of your software vendor to the need for an upgrade.
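The lookup described in the two paragraphs above, sketched as an added example that is not Palamida's engine or code from this newsletter: each component in an inventory is matched by exact version to a license and checked against advisory version ranges. All component names, versions, license assignments and advisory IDs below are constructed for illustration, and versions are assumed to be dotted numbers.

```python
from dataclasses import dataclass
from typing import Optional

# Simplified obligation summary per license identifier (not legal advice).
OBLIGATIONS = {
    "GPL-2.0-only": "copyleft: source of derived work must be offered",
    "LGPL-2.1-only": "weak copyleft: allow relinking, publish library changes",
    "MIT": "permissive: keep copyright and license notice",
    "Apache-2.0": "permissive: keep notices, state changes",
}
# Constructed knowledge base: (component, version) -> license.
LICENSE_DB = {
    ("libalpha", "1.2.0"): "MIT",
    ("libalpha", "2.0.0"): "GPL-2.0-only",  # license changed between versions
    ("libbeta", "0.9.4"): "LGPL-2.1-only",
}
# Constructed advisories: component, first affected, first fixed, placeholder ID.
ADVISORIES = [
    ("libalpha", "1.0.0", "1.2.1", "ADVISORY-PLACEHOLDER-1"),
    ("libbeta", "0.9.0", "0.9.4", "ADVISORY-PLACEHOLDER-2"),
]

def vkey(version):
    """Turn '1.10.2' into (1, 10, 2) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

@dataclass
class Finding:
    component: str
    version: str
    license: str
    obligation: str
    advisories: list
    upgrade_to: Optional[str]

def audit(inventory):
    """Report license obligation and open advisories for each (name, version)."""
    findings = []
    for name, version in inventory:
        lic = LICENSE_DB.get((name, version), "UNKNOWN")
        hits = [(aid, fixed) for comp, first, fixed, aid in ADVISORIES
                if comp == name and vkey(first) <= vkey(version) < vkey(fixed)]
        upgrade = max((fixed for _, fixed in hits), key=vkey, default=None)
        findings.append(Finding(name, version, lic,
                                OBLIGATIONS.get(lic, "review manually"),
                                [aid for aid, _ in hits], upgrade))
    return findings
```

A component missing from the knowledge base comes back as `UNKNOWN` with a manual-review obligation rather than being dropped, since an unidentified license is itself a finding.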
For the record, Flanagan Consulting uses open source applications. We update them regularly.
FC Associate Ray Horak recently authored two books on networking. William Flanagan was the technical editor for both. They offer extensive coverage, and are as accurate as two old pros can make them.
The new titles are:
Telecommunications and Data Communications Handbook, 791 pages.
Wiley is the publisher. Available in bookstores and on the web from multiple merchants--do a web search for "Ray Horak" or start with Ray's profile page at http://www.amazon.com/gp/pdp/profile/AL7TPWAFURLDA.
"Flanagan Consulting" and "ViewsLetter" are Service Marks of W. A. Flanagan, Inc.
W. A. Flanagan, Inc.
45472 Holiday Drive, #3
Sterling, VA 20166