Yesterday, IBM announced unfettered access to any intellectual property relevant to over 150 software interoperability standards...

he move, which IBM believes is the largest of its kind, is also designed to spur industry innovation, while discouraging litigation.

The software specifications and protocols involved in the pledge underpin industry standards, such as those reflected in Web Services: programming, transactions and data exchanged on the Internet and Web. These are typically under, or moving toward, stewardship by standards groups such as the World Wide Web Consortium and OASIS.  ...

Previously, all adopters of these specifications and protocols needed to secure royalty-free licensing terms from IBM. This move clarifies and makes more consistent the intellectual property usage rules, encouraging even wider implementations of open standards. IBM hopes that others companies and intellectual property holders make similar commitments.
Press release here at ibm.com, more information at the IBM Interoperability Specifications Pledge page .

I realize that standards-related topics don't typically inspire the hot and heavy discussions on edbrill.com.  But I think visibility in this area is increasingly important.  Last week in Japan, I did a press interview which covered, in part, the Microsoft efforts to standardize their Office 2007 document formats.  This week, there's new news on that front -- ITWorld reports "Microsoft OOXML spec 'dangerously flawed'".  This is an area worth paying attention to -- if only to make sure the wool isn't being pulled over your eyes.

Post a Comment

  1. 1  Paul Robichaux http://www.robichaux.net/blog |

    Wow, that's a big surprise: the ITWorld article you quote is based on comments by Rob Weir, an IBM employee.

    I'll be the first to admit that I haven't studied either Microsoft or IBM's proposed standards in depth, but it's ironic that you caution people about not getting the wool pulled over their eyes while at the same time linking to such a one-sided article.

  1. 2  Ed Brill http://www.edbrill.com |

    I suggest you read Rob's blog posting and tell me what part of the posting that inspired the news coverage is one-sided or biased. Also, the fact that Microsoft hasn't said anything about it other than ridicule from Doug Mahugh really says all that needs to be said, doesn't it?

  1. 3  Pedro Quaresma  |

    This is TOO scary.

    Let's imagine OOXML is approved as ISO standard (hopefully not, but this is just an example) and then a company gets in trouble (on a SOX audit for example) due to wrong calculation from a OOXML-based spreadsheet. What happens? Can this company hold Microsoft and/or Ecma responsible for it?

  1. 4  NeilT  |

    It's easy to throw comments like "dangerously flawed", but I have just read an article that identifies fundamental security issues in Java which are "as bad as it gets".

    Did I miss something about the fundamental platform on which Notes8 runs and the risk this runs? Or is Notes8 protected?

    How much confidence should I have in a product which is based upon another vendors coding which has, to be fair, been patchy at best in the security world?

    At least MS will be in control of their own standards and be able to issue their own fixes. Personally, were I in the MS position, I would take much comfort from that.

  1. 5  Ed Brill http://www.edbrill.com |

    @4 in what way will MS be "in control"? By submitting OOXML to ECMA, MS has yielded control to an outside organization. They can't unilaterally issue fixes to the specification now.

    Could you perhaps provide a link to the article on Java security issues? I can't really comment on that notion without a source.

  1. 6  Kevin Mort  |

    @1 - Wow, an IBM employee referencing an article where an IBM employee is posted. Yes, shocking indeed. : )

    I see this as an alternate view on the issue. Seems entirely feasible to me. I do believe MSFT has been given plenty of ink on their version of the truth on this issue.

  1. 7  Kerr  |

    @4, a little off topic (sorry ed), but can you provide a link to this article on the fundamental security flaws in Java?

  1. 8  Kerr  |

    @5 Doh!! Repeat after me. Read all posts before writing one!!.

  1. 9  Flemming Riis  |

    7, { Link }

    havent read it though but guess its the one being refrenced to

  1. 10  Nathan T. Freeman http://nathan.lotus911.com |

    It's this { Link }

    Buffer overflow in the image parser allows for code execution escalation.

    Seems to affect some versions of the JVM 1.4 and 1.3.

    IBM uses its own JVM for all the Eclipse-based stuff, so there's a separate java.exe for Sametime & Notes 8 & Expeditor. My Notes 8 JVM version is 1.5, and Sametime 7.5.1 is a late 1.4 subset.

  1. 11  Pedro Quaresma  |

    I think there's a big difference between the Java case (a bug in a software which is going to get fixed anyway) and the OOXML case (known issues not being fixed, and being submitted as part of a standard instead).

  1. 12  Kerr  |

    Ah, OK, I'll probably come across as a Sun apologist, but there is a world of difference between "fundamental security issues" and a coding error. "Fundamental security issues" suggests that there is a flaw in the core architecture that makes the platform inherently insecure. I think it's pretty well established that Java is one of the most secure platforms from an architecture view point. It's very embarrassing for Sun that such a bug was in the code, it shouldn't have been there, but it was a error in the code, not a systemic problem in the platform. As Nathan points out IBM have their own implementation that does not exhibit the fault (as far as I can tell), proving that it's an implementation issue.


Discussion for this entry is now closed.