By Kevin Murphy in Berlin
The European Commission yesterday threw down the gauntlet to Microsoft Corp, saying that public IT projects could start to favor tenders from alternative operating systems, unless the Redmond software giant makes moves to open up the source code to Windows. Speaking at the opening of the first Information Security Solutions Europe conference in Berlin yesterday, new European Union information society commissioner Erkki Liikanen said security system vendors could suffer from a lack of access to the code on which their applications run.
He said of the cryptographic industry: There is a major obstacle to its expansion, the desktop computing market is dominated by a few systems. This would not be a problem in itself if those weren’t proprietary systems. Building security solutions when one has no access to the source code is a major challenge, it means there is a whole range of security products which European industry cannot supply. Discussing what the European Union could do to encourage open source OS’s, Liikanen said: One way could be to ensure that public tenders for computer equipment no longer specify particular systems.
The assembled audience of public key infrastructure (PKI) vendors and other IT security firms agreed that lack of access to Windows makes the challenge of securing the desktop more difficult (although Liikanen was diplomatic enough not to mention Microsoft by name, there was no doubt what he was referring to). Swedish security startup MySpace AB, which makes a device to securely bypass the desktop PC when conducting high-risk transactions, told ComputerWire it had recorded 123 reported security back doors in Windows so far this year.
A source within the German Ministry of Economics and Technology and members of the EC’s Directorate General DGXIII, all suggested that the EU should actively promote open source operating systems as a means to improve the security of the internet. How this could be achieved is another matter – many EU governments have no centralized purchasing policy at that granular a level.
The ISSE conference runs until tomorrow, and is the first is what is planned to be an annual convention of vendors of PKI and security software. The conference is organized by trade body EEMA (European Electronic Messaging Association) and featured speakers from notables such as IBM Corp, VeriSign Inc and various European governmental bodies.
