The Community for Technology Leaders


Pages: pp. 56-59


Insecure Software



Geekonomics: The Real Cost of Insecure Software, by David Rice. Software has become crucial to our everyday lives. But badly written, insecure software is costing businesses and individuals billions of dollars every year. In this book, the author shows how we can change this. Rice reveals why the software industry is rewarded for carelessness, and how we can revamp the industry's incentives to get the reliability and security we need. Readers will discover why the software industry still has shockingly little accountability, and what we must do to fix that.

The author points out some of the real costs of insecure software. For example:

  • In 1996, software defects in a Boeing 757 caused a crash that killed 70 people.
  • In 2003, a software vulnerability helped cause the largest US power outage in decades.
  • In 2004, known software weaknesses let a hacker invade T-Mobile, capturing everything from passwords to Paris Hilton's photos.
  • In 2005, nearly 24,000 Toyota Prius automobiles were recalled for software errors that could cause the cars to shut down at highway speeds.
  • In 2006, dubbed "The Year of Cybercrime," 7,000 software vulnerabilities were discovered that hackers could use to access private information.
  • In 2007, operatives in two nations brazenly exploited software vulnerabilities to cripple the infrastructure and steal trade secrets from other sovereign nations.

Rice is the president of TantricSecurity and has spent more than a decade in the military working on national security issues, including work for the National Security Agency. Whether you're a software user, decision maker, employee, or business owner, this book can be an invaluable eye-opener.

Addison-Wesley Professional; ISBN-978-0321477897; 384 pp.

SOA for Dummies



Service-Oriented Architecture for Dummies, by Judith Hurwitz, Robin Bloor, Carol Baroudi, and Marcia Kaufman. Service-oriented architecture (SOA) is a promising technology strategy supported by major vendors such as Microsoft, IBM, SAP, and Oracle. The foundation of SOA is built upon a collection of applications that can run on any platform and offer the various services users need, while requiring minimal development. By leveraging existing services and reusing the code, the service scan is built not only cheaper, but faster. According to Gartner, by the end of this year, 80 percent of new development will be based on SOA, and SOA will increase code reuse by more than 100 percent.

SOA is a complicated topic and difficult to explain. Technology and business professionals can now turn to this book to demystify the subject as they find themselves asked to use or implement something they don't understand. Providing a thorough overview, this is a true For Dummies book that aims to demystify SOA and make SOA concepts accessible to vast numbers of people.

A team of authors explain the dramatic implications of SOA, helping readers understand what SOA is and why it's important, how it can impact them, and what they can do to move SOA ahead in their own organizations. SOA is considered by many as the most important initiative facing IT today. This book also includes coverage of the ins and outs of XML, Web services, collaboration, data management, the steps toward implementing SOA, and case studies. It also provides a strong foundation by explaining why SOA is critical to an organization, how it can impact businesses, and how to implement SOA in a corporate environment.

Wiley Publishing; ISBN-0-470-05435-2; 360 pp.


Junk E-mail Filter works in the dangerous area of sorting through e-mail to filter out viruses and junk e-mails known as "spam," so that its clients receive only the messages they want to see. For higher levels of control and security, it uses open source virtualization software, known as Open VZ.

The company has set up virtual servers with Open VZ operating system virtualization software and maintains backups so that, if necessary, a virtual server can be restored on another physical server and started up immediately.

Four Open VZ virtual servers reside on each of four physical servers that run e-mail server software MySQL and SpamAssassin with virtual servers as large as 4 gigabytes.

The company has used Open VZ software to create templates for different virtual servers, such as its VoIP phone system and SpamAssassin servers that process e-mail. Each virtual server is deployed on a physical server independent of others, which enables the virtual servers to be moved to balance workloads.

E-mail filtering is easy to set up and doesn't require users to change their existing e-mail servers. Instead of messages coming from the Internet directly to the user's e-mail server, they go to spam-filtering e-mail servers. There, they are stripped of viruses and spam and within seconds are passed on to the user's existing e-mail server.


Green Technology, IT, and Business

27 February 2008

Los Angeles, Calif.

After decades of relatively slow progress in ecologically friendly industrial developments, the US now finds itself in the midst of a relative crisis on the environmental and energy fronts. Recent changes indicate that green technologies are now expected to play center stage in the US's national agenda.

Presented by the University of California at Los Angeles-WINMEC (Wireless Internet for Mobile Enterprise Consortium) in conjunction with the UCLA CIO Impacts Forum, the Green Technology Forum will discuss how advanced technologies integrated with IT infrastructure can be used to assist the national agenda and conversely how ecologically friendly approaches developed in other disciplines can be applied to technology. Four essential ingredients of green technologies—monitoring, renewing, conserving, and recycling—will be discussed, along with how new developments out of industrial research labs, tech startups, and universities are creating innovative opportunities and challenging the existing status quo.

Forum participants will present business, technical, and research opportunities in green industrial ecology and their relationship to government policies, including regulation and taxes. They'll also discuss the interrelationship between developing a business case and advancing new green technologies for the sustained growth of this industry.

Representatives from industries including power/electricity, water, utilities, oil, mining, manufacturing, automotive, aerospace, IT, construction, and infrastructure will participate in this open forum.

Topics will include green technologies leading to green business; eco-friendly and renewable energy sources such as bio-fuels; monitoring, conserving, and cleanup technologies; integration of technologies with IT infrastructure; modeling, measuring, and obtaining the benefits of implementing green technologies; public policy, government subsidies, and mandates; measuring return on investment benefits; internally motivated versus externally imposed solutions; and buying and selling of carbon trading offsets and the technology that makes it possible.

Top 100 IT Leaders

9–11 March 2008

Orlando, Fla.

This year's Computerworld's Premier 100 IT Leaders Conference at the Rosen Shingle Creek Resort explores "The Business/Technology Portfolio: A Deep Dive into IT Creativity and Excellence."

This conference allows attendees to hear from and network with Computerworld's premier 100 IT leaders and alumni. Attendees gain insight from leading user organizations in conference sessions centering on interactive discussions with IT leaders and industry experts. Virtually all presentations are from senior IT leaders at user companies.

Session topics include capitalizing on IT's end-to-end view of the business; revitalizing IT infrastructure to sustain agility and innovation; executing a high-value, competitive, and integrated information strategy; and ensuring and nurturing high-performing next-generation IT leadership.

Moderated by Computerworld editor-in-chief Don Tennant and executive editor of events Julia King, panelists include Don Tapscott, author of Wikinomics: How Mass Collaboration Changes Everything; Douglas Merrill, chief technologist at Google; Derek Chan, head of digital operations at DreamWorks Animation; David Zanca, senior vice president of e-commerce technology at FedEx; Cora Carmody, CIO at Science Applications International Corp.; Ajay Waghray, CIO at Verizon Wireless; Teri Takai, CIO for the state of Michigan; Steve Schuckenbrock, CIO at Dell, and Asif Ahman, CIO at Duke University Health System and Medical Center.

Software as a Service

25–26 March 2008

Santa Clara, Calif.

SaaScon 2008 is for executives and managers who create, build, procure, and deploy software-as-a-service (SaaS) technologies. An industry-wide event, SaaScon attracts end-user executives, vendors, and the spectrum of SaaS eco-system players. At SaaScon, you can learn how CIOs and their teams exploit service-oriented architecture, Web 2.0, and business services. You will also be able to network with peers who face the same challenges and opportunities.

Featured presenters for this conference are Ryan Bagnulo, vice president and head of architecture and innovation of corporate banking technology, Wachovia; Douglas Menefee, CIO, The Schumacher Group; Joe Lacik, senior vice president, information services, Aviall Services; and Craig Jocher, vice president, information systems, Transamerica Reinsurance.

Program topics include moving mission-critical applications to the business services model, understanding a delivery model in transition, measuring success, embracing best practices and avoiding pitfalls, balancing risk and reward, and securing data you don't control.

Workshop on Business-Driven IT Management

7 April 2008

Salvador, Bahia, Brazil

IT management has evolved significantly over the past few years as IT-based solutions have become increasingly critical to the functioning of organizations. From device, network, and systems management, solutions have evolved to include service management and IT governance. A recent shift in perspective brought to bear a more user-centric approach to IT management, putting IT managers in a position to look at IT not just from the IT department's traditional view point but from the user's view point as well: this is the reason for the appearance of services and quality-of-service metrics in these frameworks.

Even more recently, a further shift toward holistic understanding of IT to fulfill business objectives is occurring: we must look beyond IT services to the context where the services are used. This is termed business-driven IT management and is the object of this workshop. Held in conjunction with the IEEE Network Operations and Management Symposium (NOMS 2008), the third IEEE International Workshop on Business-Driven IT Management (BDIM 2008) aims to build the community of researchers in business-driven IT management.

BDIM focuses on the impact of IT on business processes and business-level objectives and vice versa. Besides conventional IT metrics such as availability and response time, BIDM looks at other key performance indicators—that is, metrics that have significance from the business view point. BDIM isn't restricted to IT environments in enterprises but encompasses techniques that involve thinking about IT in terms of business-level objectives for organizations that might not traditionally be classified as businesses.

Interop Las Vegas

27 April–2 May 2008

Las Vegas

Interop brings together IT professionals and business leaders to see all the latest technologies in action. The conference will feature more than 500 exhibitors, 200 sessions, and live demonstrations of tomorrow's business solutions for six days at the Mandalay Bay Convention Center.

This year's conference will focus on 14 key IT areas including virtualization, data centers, enterprise 2.0, green IT, software as a service, IT security, physical security, networking and services, application delivery, service-oriented architecture, storage, unified communications, Voice over IP, and wireless and mobility.

There will be a CIO boot camp panel discussion to help chief information officers excel in IT's top job. Chaired by Thornton May, executive director and dean of the IT Leadership Academy, topics will include alignment and governance, change management, compliance, emerging technologies, risk, strategic planning, budget processes, benchmark metrics, the changing role of IT, working with corporations and customers, and innovation.

Full- and two-day workshops will be held on topics such as planning for WiMax, mobile broadband, mobile security, voice over WLANs, open source and networking, effective IT management, and networking trends.

Mobile and Wireless World Conference

9–10 June 2008

Miami, Fla.

At the 6th annual Mobile and Wireless World Conference at the Marriott Doral Golf Resort and Spa, top IT managers from the public and private sector who are responsible for mobile and wireless initiatives will join in an executive forum to witness practical solutions for planning, designing, and building mobile and wireless platforms and solutions; gain first-hand knowledge regarding challenges found in implementing mobile and wireless programs in the enterprise; and hear presentations from end-user strategy and deployment experts.

Attendees will take away information for making better mobile and wireless decisions and network with other IT executives with similar mobile and wireless mandates.

Presenters at the conference include Ben Berry, CIO, Oregon Department of Transportation; Kevin Bott, senior vice president and CIO, Ryder Systems; Antonio R. Caesar, CIO, Head USA; Jay Dominick, CIO, Wake Forest University; Joseph Ferra, chief wireless officer e-business, Fidelity Investments; Norm Fjeldheim, CIO, Qualcomm; Kevin McConnell, chief architect of mobility and wide area wireless technologies, IBM; William E. Pence, chief technology officer, Napster; and Belinda Watkins, vice president, network computing and IT operations, Federal Express Services.

66 ms
(Ver 3.x)