As negotiations over theOracle/Sun mergercontinue, let's examine what they
might have in store for businesses and IT managers with respect to
software development,writes Kevin Eagles, CISSP, a
principal CLAS consultant, security and resilience practice, VEGA
Consulting Services.
The software sector often seems polarised between titans and
tiddlers. Titans pay lip service to open standards while often
exploiting their position to introduce proprietary technology
enabling suppler lock-in, creating a mighty headache for
consumers.
Radical mergers such as the Oracle/Sun combo could
revolutionise and shake up IT. Conversely, Oracle would do well to
remember what happens to companies which either overstretch
themselves and/or become entrenched in fighting yesterday's wars
and settling old scores. Novell became unstuck doing both -
remember CNE?
Oracle and Sun seem quite different companies, but both have
been actively collaborating with each other for years. What unites
them is far greater than what divides them - even though Sun
entered into a 10-year cooperation framework agreement with
arch-rival
Microsoft in 2004.
Sun provides a suite of software products, including the Solaris
operating system, developer tools, web infrastructure software,
identity management applications, MySQL database, OpenOffice, xVM
virtualisation and the ubiquitous Java platform.
Oracle's stock in trade is developing and producing enterprise
business software products, particularly database management
systems, and a foray into the identity management field. However,
the key strategic acquisition of BEA Systems in 2008 (a middleware
software company for Java) provided Oracle with a strong skills
base in Java development and related support knowledge.
Software ambitions
From a software point of view, we may see ambitious changes and
a targeted attempt to increase market share in many software areas,
not just standard enterprise business software.
Oracle has a raft of Common Criteria-certified (see note) EAL4
assured database products. Interestingly, with regard to operating
systems, both Oracle and Sun have Common Criteria-evaluated
operating systems, indicating significant levels of assurance and
security within these products:
• Oracle Enterprise Linux Version 5 Update 1 EAL4+
15-OCT-08;
• Solaris 10 Release 11/06 EAL4+ 06-NOV-07 with Trusted
Extensions evaluated to EAL4+ in 2008.
We may see a 'fusion' of these operating system offerings, which
would be less complicated than Novell's challenge with
Netware and SuSe Linux. The development of a single operating
system would keep development, maintenance and support costs down.
It may also consider looking at innovators such as
Ubuntu and provide a domestic version free which can run from a
CD/DVD or a shell within Windows.
We may also see the new corporation's applications optimised to
run more effectively on its own 'native' operating system.
Java is key
Further development of Java is a must - it is the goose that
lays the golden eggs. Java is a key element that supports many of
Oracle's products, especially
Oracle Fusion Middleware. In the smart card/smart token field,
JavaCard has fast become the preferred platform and importantly it
can sit on top of any smart card operating system. This gives it a
very privileged position for functionality, interoperability and
security requirements.
Additionally, Oracle only code-signs its software products that
are designed to run on a Windows operating system. The merged
corporation may find added value in standing up its own
code-signing capability as Microsoft has done.
Change is essential to stand out from the crowd.
Note: Common Criteria is a product evaluation scheme which has
international recognition. As of December 2008, the Common Criteria
Recognition Agreement (CCRA) has 26 countries as members. These 26
countries do have variances in mutual recognition relative to the
EAL rating and whether there are any cryptographic elements within
the evaluation.
Click here for
more information.