Intelligent Enterprise

Big Blue recently released its IBM Internet Security Systems X-Force 2008 Mid-Year Trend Statistics report, and it contains more than a few eyebrow-raisers. For example: Web-application-based security vulnerabilities have begun to outnumber reports involving conventional viruses and trojans (of the kind that target the operating system). We're now at the point where 51 percent of newly discovered software vulnerabilities depend in some way on Web-page interactions.

Also, there's been a sharp surge in the number of vulnerabilities that involve SQL injection (as opposed to cross-site scripting). Meanwhile, the use of infected image files (.gif or .jpg) as a way to inflict mayhem is on the decline.

What really got my attention, though, is the new Top Ten list of vendors with the most vulnerability disclosures. Normally you would expect Microsoft to be at the top of that list (I would, at least). Instead, it's at Number 3, behind Apple and... Joomla!. Fortunately, Joomla! can be secured, but it's quite possible that many novice Joomla! installers do not.

Over at the Adobe Developer Connection Web site, Belgian developer Sébastien Arbogast has posted an interesting article (a tutorial of sorts) on how to write next-generation Web apps in Flex. What's interesting isn't the Flex part (or the demo app itself, which is rather uninspired) but the underlying stack, which gives some hint, I think, of what Adobe's Flex evangelistas may be envisioning as LAMP-Next. It's a combination of Flex (for the presentation layer), BlazeDS (for messaging and presence), Spring (the runtime framework), Hibernate (for persistence), and MySQL (data layer). The application server used in Arbogast's example happens to be JBoss, but it could just as easily be something else.

There's something vaguely Orwellian, at times, about the language that turns up in quarterly and annual reports (the kind U.S. public corporations are required to file with the Security and Exchange Commission). Remember the classic slogans from Orwell's 1984? War is peace. Freedom is slavery. Ignorance is strength.

Perhaps we should now add, "Higher prices mean lower cost of ownership."

I'm reading a well-known software company's quarterly report dated April 1, 2008, wherein the following rather noble-sounding statements are made:

Lawyers were well represented (you might say) at last week's Enterprise Search Summit in New York. At times, ESS felt more like an e-discovery conference with analytics and social-computing side-tracks rather than a search conference featuring a few e-discovery sessions.

Based on what I saw at the Search Summit, there seems to be a new awareness, at ever-higher levels in the corporate responsibility chain, that in a litigious business environment, "enterprise search" is not just a knowledge-management tactic or a productivity aid, but a survival imperative. You will be sued some day. (It's not a matter of "if," but when.) During the discovery phase of the suit, you're going to provide (and also receive from the other side) bewilderingly immense amounts of data. Without good search technology, sifting through the data isn't just tedious but nightmarishly expensive.

In an earlier post, I commented on the (undeclared) "VM war" that seems to be shaping up between Adobe and Sun Microsystems. If Adobe has its way, PC users will soon be running Web-friendly desktop apps in a secure Virtual Machine environment built on Adobe technology. If Sun has its way, we'll all be running JavaFX apps. (And if Microsoft has its way, we'll all be using some combination of .NET and Silverlight.)

Sun appears to have overslept the alarm this time, however. The company announced its JavaFX-based RIA strategy a year ago to relatively little fanfare. And although the technology was touted at the recent JavaOne show, the fact still remains that few people outside the Java developer community have ever heard of JavaFX.

Just when you thought the Java application server market was pretty well saturated (if not in actual decline), along comes a brand new entrant with familiar-sounding promises of "lighter, faster, easier." What's doubly ironic is that this new contender comes from the very folks who've done so much (intentionally or not) to make "Java appserver" a bad name in recent years. I'm talking about the people at SpringSource (purveyors of the celebrated Spring Framework).

The recently announced SpringSource Application Platform is (according to its creators) "a completely module-based Java application server that is designed to run enterprise Java applications and Spring-powered applications with a new degree of flexibility and reliability." Spring geeks will recognize it as the long-awaited integration of Spring with OSGi.