As negotiations over the Oracle/Sun merger continue, let's examine what they might have in store for businesses and IT managers with respect to software development, writes Kevin Eagles, CISSP, a principal CLAS consultant, security and resilience practice, VEGA Consulting Services.
The software sector often seems polarised between titans and tiddlers. Titans pay lip service to open standards while often exploiting their position to introduce proprietary technology enabling suppler lock-in, creating a mighty headache for consumers.
Radical mergers such as the Oracle/Sun combo could revolutionise and shake up IT. Conversely, Oracle would do well to remember what happens to companies which either overstretch themselves and/or become entrenched in fighting yesterday's wars and settling old scores. Novell became unstuck doing both - remember CNE?
Oracle and Sun seem quite different companies, but both have been actively collaborating with each other for years. What unites them is far greater than what divides them - even though Sun entered into a 10-year cooperation framework agreement with arch-rival Microsoft in 2004.
Sun provides a suite of software products, including the Solaris operating system, developer tools, web infrastructure software, identity management applications, MySQL database, OpenOffice, xVM virtualisation and the ubiquitous Java platform.
Oracle's stock in trade is developing and producing enterprise business software products, particularly database management systems, and a foray into the identity management field. However, the key strategic acquisition of BEA Systems in 2008 (a middleware software company for Java) provided Oracle with a strong skills base in Java development and related support knowledge.
From a software point of view, we may see ambitious changes and a targeted attempt to increase market share in many software areas, not just standard enterprise business software.
Oracle has a raft of Common Criteria-certified (see note) EAL4 assured database products. Interestingly, with regard to operating systems, both Oracle and Sun have Common Criteria-evaluated operating systems, indicating significant levels of assurance and security within these products:
• Oracle Enterprise Linux Version 5 Update 1 EAL4+ 15-OCT-08;
• Solaris 10 Release 11/06 EAL4+ 06-NOV-07 with Trusted Extensions evaluated to EAL4+ in 2008.
We may see a 'fusion' of these operating system offerings, which would be less complicated than Novell's challenge with Netware and SuSe Linux. The development of a single operating system would keep development, maintenance and support costs down. It may also consider looking at innovators such as Ubuntu and provide a domestic version free which can run from a CD/DVD or a shell within Windows.
We may also see the new corporation's applications optimised to run more effectively on its own 'native' operating system.
Java is key
Further development of Java is a must - it is the goose that lays the golden eggs. Java is a key element that supports many of Oracle's products, especially Oracle Fusion Middleware. In the smart card/smart token field, JavaCard has fast become the preferred platform and importantly it can sit on top of any smart card operating system. This gives it a very privileged position for functionality, interoperability and security requirements.
Additionally, Oracle only code-signs its software products that are designed to run on a Windows operating system. The merged corporation may find added value in standing up its own code-signing capability as Microsoft has done.
Change is essential to stand out from the crowd.
Note: Common Criteria is a product evaluation scheme which has international recognition. As of December 2008, the Common Criteria Recognition Agreement (CCRA) has 26 countries as members. These 26 countries do have variances in mutual recognition relative to the EAL rating and whether there are any cryptographic elements within the evaluation. Click here for more information.