VMware has been publicly chastised for allegedly violating the GPL in its proprietary vmkernel technology. Now, in VMware's most recent quarterly report, the company calls out widespread use of open-source software in its products.
It is customary for public companies to overstate risks to their businesses in an effort to forestall shareholder lawsuits. Better safe than sorry, seems to be the thinking.
Even so, I find it fascinating to see the extent of VMware's admission to using open-source software in its products, especially in light of the criticism noted above. Here is the relevant section of VMware's 10-Q in its (near-) entirety:
Our use of "open source" software could negatively affect our ability to sell our products and subject us to possible litigation.
A significant portion of the products or technologies acquired, licensed or developed by us may incorporate so-called "open source" software, and we may incorporate open source software into other products in the future....We monitor our use of open source software in an effort to avoid subjecting our products to conditions we do not intend.
Although we believe that we have complied with our obligations under the various applicable licenses for open source software that we use such that we have not triggered any such conditions, there is little or no legal precedent governing the interpretation of many of the terms of certain of these licenses, and therefore the potential impact of these terms on our business is somewhat unknown and may result in unanticipated obligations regarding our products and technologies.
... Read more
I just came across this post by Rich Miller, pointing to the XenAccess, a potentially valuable open-source project that aims to bring VMsafe-esque capabilities to the Xen project.
Hatched at Georgia Tech in 2007, the project hasn't been moving very fast, but perhaps its time has come? That depends on the importance of VMsafe, to some extent. As for VMsafe:
VMware VMsafe is a new security technology for virtualized environments that can help to protect your virtual infrastructure in ways previously not possible with physical machines.
VMsafe provides a unique capability for virtualized environments through an application program interface (API)-sharing program that enables select partners to develop security products for VMware environments. The result is an open approach to security that provides customers with the most secure platform on which they can virtualize their business-critical applications.
Could Xen benefit from enhanced security? Of course, just as VMware does. VMsafe enables third-party security vendors to check security of virtual machines at the hypervisor level, scanning incoming and outgoing traffic to get excellent visibility into the virtual machine, and thereby to protect it. Adding this to Xen would be a big win.
It's just a question of whether the project can evolve from Georgia Tech into a broad, industrywide effort to improve Xen's security. Given that Xen started as a Cambridge University project and ultimately gained support from Intel, Red Hat, and others, perhaps the odds are in XenAccess' favor. We'll see.
- prev
- 1
- next
