Product faults not good PR for vendors? Tough

Open source united to the rescue...

Trying to get vendors to reveal their crown jewels - and the inevitable bugs that come with them - is a complete nightmare for the proponents of open source. Sometimes the vendors need their arms twisted - often quite firmly and in a Chinese burn style - to be more open about the make-up of their technology, whether it's for the sake of increased security or healthy competition.

Just yesterday Microsoft announced, as part of its settlement agreement with US authorities, it would disclose certain bits of computer code to other companies to make PCs less dependent on Microsoft software. But Microsoft still retains a large degree of control over what it releases and when it releases it. So while it's a step forward, it's not earth-shattering.

But open source fellows and other supporters of technology users' rights to information are a persistent, resourceful bunch. The Microsoft issue is about giving users a choice and giving competitors a chance. But there's a related issue, which for many years has driven security boffins to relay to the internet world the discovery of bugs and holes.

Watchdogs such as Alldas.de and Vulnwatch have performed the admirable task of telling the world and his dog when a particular product has a hole or when a certain website has been attacked. They're useful services and provide a degree of forewarning. But not all vendors like them and some are trying to outlaw the efforts of such organisations.

This is bad news for everyone who uses the web. While the vendors might dislike what they perceive to be bad publicity, IT directors around the world need to know when a hole needs fixing.

So now a number of bug trackers have joined forces to become the Internetworked Security Information Service (ISIS) in an effort to stop the process being made illegal. This is clearly a good move. The stronger the united front against the vendors, the better.