The one thing we all have to remember is that open source leads to new concepts and market opportunity for small development shops. Just ask Astrum Inc. http://www.astruminc.com, what astrum did was to develop the first SUSE based Solution Stack using Novell technology. What they produced and what the independent testing reported was a beast of an appliance and Astrum published these reports on its website.
This solution described at RSA is the first true Identity based encryption system that can target users who have access to critical data or compliant sensitive data and harden compliance based policies that are compliance mandated. Astrum then did a OEM with nCipher and converted the nCIpher HSM from a 32bit card to a true 64bit card with eDirectory integration. Now if that wasn’t enough they then developed a key management system that never exposes any part of the key to a hacker outside the appliance and without making a customer change it’s network or put agents on it’s storage. I was very impressed as I spoke to representative from Astrum. Now according to nCipher as told to me at RSA this makes the Astrum solution the only solution to meet the up coming FIPS 3 compliance changes and make this appliance very unique in the market space.
The problem:
The concept from what I could gather was presented to Novell under NDA two years ago at the end of 2006 and promises of concept protection were made and agreements were signed and both worked with business units to ensure no competitive issues may arise. They did not! So Astrum shared with Novell executives the plan that at the end of the day for example map 8 of the PCI requirements to the appliance along with all the major compliances while having the ability to leverage all the security solutions sold by Novell or any other security software based solution that could sit in the network. What happened is Astrum became the first ever to develop and Novell based solution stack using SUSE enterprise server in a appliance only to have it stolen from them!.. Hence the following links.
http://sev.prnewswire.com/computer-electronics/20080416/AQW05816042008-1.html
http://www.novell.com/linux2/appliance/
So if the solution is potentially a market changing concept as Linux can be why expose a concept to a company like Novell who touts protection in the Open source community, of course they promise protection from Microsoft but who promises concept protection from Novell. When Novell realized the market impact of such a solution they have moved to slowly create competition for little Astrum who is coming to market with out any assistance as promised by Novell. This solution from what I hear from internal Novell had enough potential market impact that it changed a direction for a major software company like it did for Novell. Prior to 07 and from what I understand Novell couldn’t spell compliance much less understands an appliance stack approach to compliancy and encryption.
Develop for Novell on SUSE or jeOS, and expose a development and market plan, NO WAY!!! I really feel for these guys and have to ask why anyone would trust Novell and are they truly moving to a channel model.