Have your say at computerweekly.com
On the dangers of software patents
In response to the article "Europe in danger of becoming a haven for plagiarism, warn IT firms" (Computer Weekly, 4 November)
When it comes to software and patents, Europe has led the world by generally not allowing them. Here in the UK, we have allowed them to a lesser degree.
If we allow patents on software then presumably many thousands of US and Japanese-held patents will apply here. And you can bet that these patent holders will then start to try "shaking down" all the smaller firms: "You pay us £x a year or we'll sue you for infringement." Or: "We're big. We've got 500 patent lawyers and deep pockets, can you afford to go to court?"
Its noticeable that there are now small companies set up in the US specifically to do this kind of thing. They buy a few patents then go after companies. And this is supposed to help innovation?
In the US patents can be awarded for the simplest of concepts, and very large corporations have thousands of patents, so it is probably impossible to verify that an application doesn't infringe some patent or other - you can't defend yourself without immense effort.
If the EU is to have any hope of continuing to produce world class software it must reject calls to allow software (and business) patents.
David Bolton, Leyton
On the cost of the UK's national ID card scheme
In response to "ID card costs soar as supplier slams technology" (Computer Weekly, 4 November)
The government's plans for the national ID card scheme get their share of critics, much of it unfair. Critics would benefit from an understanding of what is already being done elsewhere with chip ID cards - such as in Hong Kong.
While we are not a supplier, Maosco is supporting the Hong Kong Special Administrative Region in its use of the Multos operating system for the Hong Kong ID card scheme, which has few critics. Its goals are simple; to improve immigration procedures and allow better access to government through e-services.
Hong Kong shows that biometrics on ID cards work, and has generated valuable experience on biometric matching, the use of secure card technology and the infrastructure to support them
Critics also put too much emphasis on databases. A chip ID card can validate citizens' credentials without reference to a database in most cases. Better than matching an identity against a database of the entire population (a slow process), in Hong Kong you can identify a legitimate card holder in seconds by using cryptography between a smartcard and a reader.
And critics exaggerate the cost of a scheme here. If you consider the scope of the UK scheme and the £14.6m spent on the first phase of 1.2 million cards in Hong Kong, it is hard to believe that the UK version would cost anything near the £1bn suggested by some.
Steve Everhard, chief executive, Maosco
What really goes wrong on software projects
On IT directors getting a place on the board
In response to the article "IT on the board can add to the bottom line", (Computer Weekly, 21 September)
I am not at all surprised that fewer than 5% of companies have IT directors on the main board.
Most IT directors focus solely on the next gadget or next 'big thing' in technology and how it will revolutionise operations - but a company board member is not likely to be interested.
IT directors who aspire to board status should be looking at technologies that will provide a monetary return and bring tangible business benefits to the organisation. The IT director should also be aware of the compliance issues and ensure the company is not at risk from regulatory or legal proceedings.
An effective board will recognise if the IT director is visibly protecting the business interests.
Geoff Webster, chief executive, Fast Corporate Services
Laurent S'raphin approaches discipline in software development from the idea that "it is not the tools that cause the problem" and blames poor communication. The issue is deeper than this (Computer Weekly, 26 October).
Most IT projects fail because:
- There is inadequate appreciation or specification of what is required to run the business - not what the managers want, nor what the users want, but what the business needs.
- There is no one person responsible for the project. A person with absolute authority for all aspects of the project, from timescales and budget to application scope and design changes, is a necessity.
- The project is changed. This may not be due to inadequate work on the specification, although it often is. It could result from a change in the business environment or losing sight of the project's original goals.
The project manager must make sure that the original project goal is kept in sight and the specification is maintained against current business requirements. This does not mean that changes are outlawed, simply that they do not rule the project, only enhance it.
It is OK to cancel and restart a project if the business need has changed so dramatically that it would be quicker to start again than to modify an obsolete design.
Outsourced developments need not face massive contract penalties or go back out to tender. Continue the relationship; the outsourced developer gains a new project and the customer gains business-experienced project staff with an appreciation of what is really required.
Graham Hayden, technical director, Real Asset Management
Encryption can protect your backed up data
A common thread ran through your 26 October issue - when it comes to protecting sensitive information from falling into the wrong hands, most organisations have a long way to go.
Ian McGibbon's "Whose data is it anyway?" explained the implications of third-party service providers gaining access to the sensitive medical records they are hired to manage. Nick Huber highlighted the fact that regulations such as Basel 2 and Sarbanes-Oxley require more companies to keep more data for longer periods of time, most of it ending up on back-up tapes with little or no protection. And John Alcock's "Threat from within" showed that the real security risk often hides inside the company.
A Synstar poll of 700 European IT directors showed security of their IT systems as their top concern. But when confronted by new threats most organisations prefer to do what is familiar, not what is right. Companies are investing more in security measures such as firewalls and virtual private networks but, with 50%-80% of all attacks coming from inside the organisation, additional investment in "perimeter security" produces diminishing returns.
Companies need to use strong authentication measures coupled with data encryption to separate the ability to manage data from the ability to read it.
Encrypted sensitive data stored on back-up tapes cannot be read, even if they fall into the wrong hands, or someone in the organisation mistakenly grants access rights to the wrong people.
Joanna Shields, managing director EMEA, Decru
The true value of university IT courses
With regard to "Table helps bosses rate IT courses" (Computer Weekly, 2 November) I am writing to correct a factual inaccuracy.
The University of Surrey does not feature at the bottom of the list as you report, and the data in the table for the University of Surrey is incomplete and incorrect - for example listing no students and no staff.
With regard to the current debate on the relevance of computing degrees to the IT industry the Department of Computing at the University of Surrey maintains close links with industry within both teaching and research programmes.
The content of our British Computer Society-accredited courses is regularly reviewed by members of the department's Industrial Advisory Board, and is continuously updated to reflect best practice and current trends.
We are proud of our reputation for the professional development of computing students. The majority of our students undertake a year of supervised professional training which we validate using the BCSUniversities' Professional Development Scheme. The University of Surrey is consistently among the top universities for graduate employment, and our computing graduates are highly sought-after by employers.
Steve Schneider, head, Department of Computing, University of Surrey