Thursday, June 29, 2006

Full Transcript of Dana Gardner's BriefingsDirect Podcast on Akamai and Cyber Security

Transcript of Akamai-sponsored BriefingsDirect podcast with Dana Gardner, recorded June 2, 2006.

Listen to the podcast here.

Dana Gardner: Hi, this is Dana Gardner, Principal Analyst of Interarbor Solutions, and you’re listening to BriefingsDirect[TM]. Today, a sponsored podcast and an important issue facing many nations around the world: cyber security and vulnerability.

With us is Professor Tom Leighton, Co-founder and Chief Scientist at Akamai Technologies. He’s also professor of Applied Mathematics at MIT and -- especially in the context of this discussion -- the former chairman of the Cyber Security Sub-Committee of the President’s IT Advisory Committee (PITAC). Welcome back to the show, Professor Leighton.

Tom Leighton: Thank you very much, Dana.

Gardner: We’ve talked in the past about the role of the Internet, how it’s important and particularly how its performance is important. I wanted to start our discussion by trying to understand the role of the Internet for society in Western culture. Increasingly across the globe, we seem to be more dependent on wide area networks, and networks like the Internet, or what we know as the Internet. How deep is this dependency, how intrinsic is it to our lifestyle and our security, and do you think this is only the beginning or is it a mature depth of dependency that we’re into now?

Leighton: I think we're critically dependent on the Internet today, and the depth of that dependence is constantly increasing. Aside from the obvious media and entertainment use of the Internet, from which we derive pleasure, the Internet is now central for communications, for commerce, for government, and for defense and utility industries. Pretty much all sectors of our society today have embraced the Internet and are now critically dependent on it -- and this will only increase going forward.

Gardner: So, if there were some disruption of this system we would see a significant negative impact across the economy, in politics, lifestyle, as well as the business of many companies. Are there any areas that you can think of that aren’t deeply impacted by the Internet?

Leighton: No, you are absolutely right. In fact we are already seeing some of the problems today that result from the lack of security in the Internet, through phishing and pharming, and cyber crimes -- personal identity theft -- that’s already happening today. We haven't seen large examples of cyber terrorism, or warfare on the Internet, or the takeover or loss of control of key utility facilities, although that's within the realm of possibility.

Gardner: We are seeing an increase in news about lists of important data being mislaid or misappropriated. We have heard about cyber extortion, as well as pharming and phishing, as you say, which are various forms of misidentifying or taking over seemingly secure communications. Does this really mean that our IT infrastructure is fundamentally insecure?

Leighton: That’s precisely what it means. Today we have evolved to a state where software is ubiquitous. Millions and millions of users have the same kind of software. That software is full of vulnerabilities, and it’s connected ubiquitously through networks that ultimately connect into the Internet. This enables cyber criminals great flexibility and power in launching attacks to exploit the vulnerabilities.

Gardner: Do you expect that there will be a sort of spy-versus-spy situation going back and forth, with remediation, patching, and band aids on one hand, and then more sophisticated nefarious activities on the other? How do I know that what I'm clicking on is getting to the right server?

Leighton: You really have no way of knowing that today, and I think we're pretty far from a state from where you will have an idea. If you're using SSL, and you're doing everything to verify what keys are being used in the SSL you’re using and who you're talking to, you can have some confidence. But it is very easy for the bad guys today to spoof you into thinking you are running an SSL connection when you are not -- or spoof you into thinking you are running an SSL connection with a trusted party, say a bank, when in fact you are running an SSL connection with a bad guy.

Today, you really have no idea -- at least 99 percent of Americans really have no way of telling who you're communicating with, and where you're packets are going on the Internet. This is what makes pharming attacks so successful. The person who is being victimized has no idea what’s happening.

Gardner: I have to say even though my email is filtered rigorously, I still get plenty of emails from folks claiming to be my bank, the people who do my stock trading, and my retirement account oversight, asking me to go in and re-affirm my password. I'm savvy enough not to do that, but they are pretty clever and very convincing.

Leighton: Those are examples of phishing attacks, and there are millions and millions of those a day. According to the statistics, about one percent of Americans fall victims to phishing attacks annually. What are much more difficult to spot are pharming attacks. In a pharming attack, the end result is the same: you lose your personal information. But in pharming attacks, you don’t have to do anything wrong. You don’t have to click a URL that was sent to you by a phishing email. Your just enter your bank’s URL as you normally would in your browser -- only you don’t end up at the bank. You end up at the bad guy’s site, and he delivers to you the normal signing page. Everything looks normal to you. You did nothing unusual. You sign in, and now he has your personal information.

There are a lot of ways he can make that happen. The basic protocols of the Internet don’t have any security. For example, consider the BGP, the Bordered Gateway Protocol. That’s the protocol that directs the path your packets take as they traverse the Internet. It’s easy for a bad guy to inject false information into the BGP protocol to send those packets to him. One way he can do this is to simply tell an ISP that he owns the IP address of the bank, and he will set the parameters so that, that information doesn’t spread more broadly than the particular ISP that he is attacking. And then, anyone in that ISP who dials up or gets broadband connectivity to that ISP will go to the bad guy, when they think they are going to the bank -- just because BGP doesn’t think to check whether the bad guy is really the owner of that IP address.

Another protocol that is now being exploited is DNS, or the Domain Name Server. DNS is like the 411 service of the Internet. When you type the bank’s name into your browser, the first thing your browser does is translate that name into an IP address. Just as when you make a phone call, you key in a phone number. You don’t type in a person’s name. The Internet uses DNS to do that conversion between a name and an IP address. There is a technique now that’s being widely exploited called “DNS cache poisoning” in which the bad guy goes into the DNS tables and changes the resolution for the bank -- or for any website -- to his IP address. When your browser tries to look up the IP address for the bank, it gets the bad guy’s IP address instead, and transparently goes there, without you having any knowledge that this took place.

Gardner: Now, is this a case of a double-edged sword? In an open and free society we are always going to have some vulnerability that we can do nothing about. Is this something we need to live with in order to enjoy the full functionality and openness of the Internet?

Leighton: No, that’s not the case. It should be possible to develop enough technology to preserve the openness that we cherish in our society, without leaving ourselves exposed to the criminals.

Gardner: I suppose part of the reason this goes on, this vulnerability, is that the risk seems to be acceptable, or the price seem to be acceptable. You would think that banks and retail and e-commerce organizations would be on the forefront of trying to stanch any risks, but e-commerce goes on, more and more people are on the Internet using it actively, and application activities are more robust. Do you think that we will soon reach a point where the risks become unacceptable -- and would that be a gradual type of event or some kind of a cataclysmic event?

Leighton: That’s an interesting question, and there are a lot of factors in play today that drive the answer. First, the banks, e-commerce players, and the commerce players that moved to e-commerce have already made the switch. There is no easy way to go back. The call centers are gone. The traditional methods of doing business aren't supported anymore at the levels they used to be in the past. The switch was made because the Internet offers tremendous economies. It’s much cheaper to handle the transactions over the Internet than it is by the traditional methods.

So, it’ not easy for them to go back. At the same time, the banks and financial institutions are very concerned about the level of fraud and cyber crime, and their exposure to it, yet they don’t have an incentive to be screaming about it publicly. In fact it’s just the reverse.

They don’t want to instill fear in the population, and the industries that have moved to e-commerce are in the same situation. They are successful, if people aren’t fearful to use e-commerce. If people would become afraid to use it, it wouldn’t be beneficial to business. Today, the financial institutions are backstopping the billions of dollars in losses. I think the statistics show that 80 to 90 percent of the losses are being covered by the financial institutions and not by the person who’s been victimized. But, there have been some well-publicized events recently where the person at home was left to pay. As that happens more, I think you’ll see an increased chance of a backlash against using the Internet. So, it is a double-edged sword. As criminals become more successful in exploiting the Internet, the costs go up, the need to get a solution increases, and the pressure increases there.

Gardner: So, this really is a case of an elephant in the room -- only the room is really the whole globe. I alluded in your introduction to your being chair of the cyber security subcommittee of PITAC or the President’s IT Advisory Committee. A number of findings were derived from that, and you delivered some testimony before Congress, the U.S. House of Representatives, in particular. You argued, I read in the transcript, that government funding needs to play an increased role, if not the lion’s share, in solving this. Yet DARPA, the defense research funding organization – which, by the way, helped Akamai to get its start in some basic research – doesn’t seem to be aware of this elephant in the room. Can you fill us in a little bit on what the issues are vis-à-vis research and development in order to try to ameliorate this before it become a crisis.

Leighton: DARPA is certainly aware of the problem. In fact, if you talk to officials of DARPA they will tell you that what keeps them up most at nights is our vulnerability in the cyber infrastructure that the defense department and armed forces rely on. At the same time, DARPA is now interpreting its mission to be one of a short-term nature to deliver products to the armed forces based on the research that’s funded by others. As a result, DARPA has dramatically cut its basic research program, for example, in universities. This has been felt particularly hard in the area of cyber security research.

In addition, much of this research has now been classified, which makes it impossible for the vast majority of researchers to work on the problem. It also makes technology transfer virtually impossible. Even if they were to discover something, it becomes classified, making it very hard to get it into the commercial sector.

So, DARPA, which historically has had a wonderful role in supporting basic research that’s led to all sorts of major advances including the Internet itself, is withdrawing from this area. At the same time, DHS, the U.S. Department of Homeland Security, which is tasked with the nation’s civilian infrastructure defense, is very focused on weapons of mass destruction -- and rightly so -- but to the point of having very little funding for basic research and cyber security. I think of their two billion dollar S&T budget, less then two million dollars goes to basic research and cyber security. And this leaves only NSF, which is way over-subscribed.

Gardner: And that’s the National Science Foundation.

Leighton: That’s correct, and the number of proposals they are seeing is overwhelming them. They can't begin to fund everything that needs to be funded to make advances in cyber security.

Gardner: So, we’ve established the stakes are high. DARPA doesn't seem to have a quibble with that. Investment is low relative to the risk, and yet there are so many proposals for research that the organizations that are in a position to fund can't keep up with the demand. Does that summarize the situation?

Leighton: Yes.

Gardner: Well, tell me a little bit about what the private sector can do. Obviously businesses have a lot of stake here. Akamai sponsored this podcast, so obviously there's some story here about what Akamai brings to the table. What do you expect that Akamai can do in the short term, and what do you as a businessman, educator, and a scientist think needs to happen beyond the short-term remediation?

Leighton: There really are two questions there. The first is what can businesses do, and one thing that they can do is work with the government to help encourage the government to do its job to fund basic research in this area and foster the development of new technologies which the commercial sector can implement and productize.

In the area of cyber security, the government is in a unique position to fund long-term and to even play a leadership role in adoption of better security practices, as well as to help standardize and adopt those security practices. I think industry, of course, has an important role to play, but we are at a point where we really need government leadership.

Now, in terms of what Akamai can do, we obviously can't solve the problem ourselves. This is a problem that took decades to make. We can help in certain areas in terms of a company’s Web infrastructure and application infrastructure. We can help shelter that infrastructure from cyber attack and we can help them by off-loading their public-facing material and getting it out of their critical infrastructure. Today there are many corporations and government agencies that poke holes in their firewall to let the world come in to access their websites and their applications.

In fact, if you go to any military base today, you will discover there are hundreds of websites sitting on the critical infrastructure, and there are all sorts of holes poked in the firewall to let the whole world come in. And, when you let the whole world come in beyond the firewall to your military infrastructure, that's not a good thing, because the bad guys can come in, too.

The software is so vulnerable that once they can come in, they can attack the infrastructure. Once they have done that, they can get across the local area network to critical infrastructure. And, then, very bad things can happen.

Gardner: It seems part of the issue, at least in the short term -- before we can get to the point of having research to go to a new generation of Internet infrastructure, protocols and security -- that this is managing permeability at its essence. What is Akamai bring to the table in terms of managing the permeability of the world as you put it getting into these important sites?

Leighton: We offer a solution wherein the public-facing website and the public-facing applications can be off loaded onto our infrastructure. Then, it's possible to close up the firewalls and not let the public come in any more. Akamai may need to come in, or may need to come to a staging point to get the content the first time or to get the applications, but we can be authenticated. So, it greatly improves the effectiveness of intrusion-detection systems and intrusion-prevention systems, because you are not by default inviting the world in. Then, Akamai will, through it's platform, deliver the content in the applications and do the interface with the world at large. At the same time, we put a lot of effort into making that infrastructure withstand denial of service attacks and various criminal attacks, such as theft of traffic. So, generally we can do a much better job of delivering that content securely.

Gardner: But as we pointed out, this is a fairly short-term. The real solution here is to come up with new science and put it in place. And as part of that, the committee we referred to earlier, the President’s IT Advisory Committee (PITAC), almost a year and a half ago had four recommendations for how to solve some of these issues. Do you have a sense of what the status is of these changes? What sort of progress has been made?

Leighton: Unfortunately, the progress is not as good as we might have hoped for. Of the four recommendations, the first recommendation had to do with funding and for basic research. The funding at NSF has improved but not to the measure that we requested and recommended. The situation at DARPA has not changed, nor has the situation at DHS. The recommendations to do with the size, increasing the size of the cyber security research community, and the tech transfer from the research community into the commercial community; there hasn’t been real progress there. On the last recommendation, dealing with coordination and oversight of federal cyber security R&D, there has been progress there, and that recommendation seems to have been adopted. We’re hopeful that the committee that has undertaken the charge to try and get an idea of what’s going on with cyber security funding will make some progress in that regard.

Gardner: Clearly, this is an international issue. There have been some reports in the media about other countries asking the United States for it to relinquish some of its control and influence over Internet infrastructure. That's coming at a time, as you describe it, not enough is being done to address long-term basic research issues. Should it be the United States government, DARPA, and the National Science Foundation (NSF) that are the leaders in this drive for advancement? Or is this something that has to be brought into an international organization or at least the some sort of federation?

Leighton: The United States does not control the Internet, so that's probably a misconception. There are clearly large companies here and, because of our economic power, we exert influence over the Internet.

In terms of fixing the problems, which will take a long time to do, that is a global problem. Fixing the problems of the Internet and to develop new protocols will ultimately require global agreement to really get to a much better state. That said, I think the U.S. government can play a leading role. Agencies like DHS, NIST [National Institute of Standards and Technology], or DARPA can play a leadership role, just as they have for example in IPv6 in saying that they want that protocol supported by contractors who do business with the government. DHS could fund the development of improved protocols for DNS, for example, that are more secure. Then, they could implement those protocols in government networks. They could then provide a leadership role where industry could say: “Yes, I want to have that protection, and I am going to implement that.” And before you know it, it becomes a de-facto standard.

Standard bodies themselves have not been particularly effective in the last one to two decades in improving the situation. There is a protocol called DNS Sec, which is a protocol that is meant to make DNS be more secure. It solved some of the problems, but not all the problems. That's been debated in the standards agencies for probably 15 years now, with no outcome. So, they have not proven themselves to be effective in changing the way the Internet works.

Gardner: Well, governments, both in the United States and elsewhere, seem to be responsive to the call of industry and the special interest that often represent them, and they also respond to the calls of the citizenry, particularly in election periods. What, from your perspective, should individuals and businesses do to try to increase the emphasis and understanding of this problem, and not let it sit on the back burner until it becomes, as we pointed out, a crisis?

Leighton: That's a complicated challenge. If industry were more outspoken about it, that would be helpful. You know as part of PITAC, we spoke with leading figures at several financial institutions. Behind closed doors and off the record they would tell you stories that made your hair stand on end about the problems we are facing and that they are facing today, but none of them would speak on the record.

I think if these officials would speak on the record and speak with Congress, that could be helpful. If they could speak with the Bush Administration, that would be helpful. There is an education process that needs to happen. There are a lot of folks in the day-to-day battle with cyber crime that are all-too-aware of the vulnerabilities we face, but in many cases the most senior officials in Washington and in corporations don’t understand that. They think by and large their systems are secure and they don’t fully understand the vulnerabilities they are facing.

So, I think education can also be helpful, and then once the people at the highest levels understand the vulnerabilities, there is a greater chance that the right prioritizations will be made and actions taken. The folks at home are stuck -- stuck until the problems get fixed. There is only so much they can do.

One report I remember said that if only mom and dad at home would keep their firewall up-to-date and their anti-virus software up-to-date, we wouldn’t have a problem. And that's a really naive statement, especially when you look at the biggest financial institutions and the Fortune 100 companies. Virtually all of them are routinely penetrated. They are buying every kind of the cyber defense that exists in the marketplace today and they can’t keep themselves from being vulnerable, and being infected. So, how are mom and dad at home going to figure it out? It’s just not reasonable to say that that's the main problem.

Gardner: Is it reasonable to expect that content and application delivery providers like Akamai can deploy services in order to keep this problem at bay, or do you think that eventually the bad guys, as you refer to them, will get the upper hand at some point?

Leighton: It’s a combination. Akamai is certainly a part of the solution. We can provide solutions to some of the problems. We can make corporations be more secure with their infrastructure by the steps that we have talked about earlier. That said, it’s not the entire solution, and we need to fix the underlying vulnerabilities in the infrastructure. That needs to be addressed. Today, the bad guys do have a big upper hand. There are a few companies like Akamai that help, but the vulnerabilities are severe. We have built the Internet over the last 30 years without really thinking about security at all, and core protocols we use are fully vulnerable today.

Gardner: Well, some sobering thoughts, but educational nonetheless. We are about out of ttime. I want to thank you for sponsoring the podcast and joining me here today, Professor Tom Leighton, the Co-founder and Chief Scientist of Akamai Technologies. This is Dana Gardner, Principal Analyst at Interarbor Solutions. You have been listening to BriefingsDirect. Thank you very much, professor.

Leighton: Thank you.

Listent to the podcast here.

Transcript of Akamai-sponsored BriefingsDirect podcast, recorded June 2, 2006. Copyright Interarbor Solutions, LLC, 2006. All rights reserved.

Monday, June 26, 2006

Transcript of BriefingsDirect Podcast with Product Managers from BEA and Wind River on the ‘Eclipse Effect’ on Large-Scale Software Development

This is a transcript of an Eclipse Foundation-sponsored BriefingsDirect podcast with Dana Gardner, recorded June 13, 2006.

Listen to the podcast here.

Dana Gardner: Hi, this is Dana Gardner, principal analyst of Interarbor Solutions, and you’re listening to BriefingsDirect[TM]. Today, a discussion about the impact of Eclipse on the development market; taking a look at ISVs, those large vendors that are using Eclipse.

From industry reports, Eclipse these days is being used by two-thirds of Java shops. It’s really taken this market by storm over the last two years. And here to talk about their experiences in that are representatives from two major software vendors. First, from BEA Systems, Bill Roth, the vice president of the BEA Workshop Business Unit. Welcome to the show, Bill.

Bill Roth: Thank you.

Gardner: And also from Wind River, Steve Heintz, the director of product management for developer technologies. Welcome, Steve.

Steve Heintz: Good morning, Dana.

Gardner: As I mentioned, the ramp-up in the use of Eclipse as an [integrated development environment] IDE commonality for developers in both enterprises as well as [independent software vendors] ISVs, has been remarkable. Can you tell us, Bill, a little bit about how BEA became involved with Eclipse?

Roth: Sure. It helps to go back through a little bit of history. As many people know, we had our own IDE and were doing our own investment in IDE technologies throughout the early part of 2000 up until 2003.

It became clear as we moved into 2004 that Eclipse was taking developers in our target market, the Fortune 2000, by storm. It was in every account that we went into. As a result of that, we made the decision to move into Eclipse for two reasons … three reasons, actually.

First was that it clearly had a market presence. Second, it allowed us to leverage open source while contributing the important things that we thought needed to be added. And third, we finally became convinced that the foundation was independent enough from IBM that we could have some legitimate sway. Those were the things that helped move our decision to becoming a strategic member and a board member of the Eclipse Foundation.

Gardner: Has this experience worked out, in your estimation, according to what you expected?

Roth: Absolutely. In fact, it has exceeded our expectations in some regards. The governance processes, for example, are fair and balanced. Open source is generally a meritocracy. And so, we’ve been given our fair shot both in the [Eclipse Web Tools Platform] WTP project, where we have a number of committers, but also at the board level, where we actually have elected a committer representative to the board. That’s Tim Wagner.

Our ability to make valuable contributions in both the JDT, the Java Development Tools Project, as well as the Web Tools Project, says that it met or exceeded our initial expectations.

Gardner: Has Eclipse Foundation actually had a business benefit in terms of reducing your costs of development, simplifying through some integration and extension points what you would have had to have done, perhaps, on your own?

Roth: Yes. There have been a number of business benefits from my perspective. As someone who oversees the sales, production, and operations around our tooling business, the business benefits are several-fold.

Number one, there’s a bunch of people who were building an IDE that I can now retarget to build features to make developers’ lives easier. The joke I always use is, Eclipse is how BEA makes the most of IBM’s research dollar. Now, that’s a bit of a joke.

Gardner: This isn’t your first time, right?

Roth: Of course not. The second benefit is that it gives us access to a much broader market, and the last numbers I saw is that in the Java Developer Tools market, Eclipse or Eclipse derivatives have a 58% market share.

In any kind of open-source industry where you’ve got multiple vendors, it’s almost unheard of. And the other benefits include our ability to deliver software more rapidly. The Eclipse update model, which is really one of the under-discussed pieces, allows me to -- rather than be on an enterprise software cycle, where I’m delivering every 12 to 18 months -- deliver software every day if I have to. Those are really the three business benefits that I see from my position.

Gardner: BEA is a provider of development and deployment strategies and runtimes and solutions for large enterprises -- high-performance, high-complexity applications -- and so it’s clear that Eclipse is giving some benefits there.

Perhaps in a different direction, segueing over to Wind River, where their platform and tools target embedded development, a whole different marketplace. Steve, what’s been the Eclipse impact or the Eclipse Eeffect, if you will, in terms of how Wind River has adjusted to this marketplace?

Heintz: Well, when I take a look at our market, we’re dealing with a different language than Bill’s [BEA] customers. We’re dealing with customers that are developing C and C++ projects, usually using Linux on a target-embedded device or a real-time operating system, like the VxWorks on a target-embedded device.

Our customers are in the aerospace and defense segment, the consumer-device segment, or networking equipment. Most of those customers demand not only tools from us, but very specialized tools specific to the type of product that they’re building from various partners out there.

For us as a single company to go and make all of those partner relationships and all of those integrations it was too time-consuming. It was actually impossible for us to manage all those integrations ourselves. That’s one of the best things that Eclipse brings to the table for us. There’s an open API model, and there are a lot of partners in our investor segment who already have the integrations done. So we get to take advantage of a much larger part of an ecosystem than we could develop and mature on our own.

Gardner: Now, this notion of faster time to market, that’s a big factor in Device Software Optimization (DSO). In your marketplace, can you give us some examples of how your clients and/or you have been able to get to the market quicker with a product as a result of using and supporting, or gaining the support of, Eclipse?

Heintz: Absolutely. DSO, or Device Software Optimization, is something that not only Wind River, but most of the companies in the traditional embedded market, are now embracing. It takes a little bit of a different model and different look towards operating systems and development tools than a lot of our customers took in the past.

Before, operating systems and tool vendors all had their own proprietary ecosystems. So if you were going to build an iPod based on a specific ARM processor, you'd look to the market, and there was usually only one IDE that you had available to you as a choice and one operating system that was ported to that particular processor.

We got together with the other companies in our industry to say, “Let’s embrace Eclipse. Let’s embrace some more pluggable models.” You can choose the appropriate debugger technology on the backend.

In the device-software development world, there are a lot of different ways to debug an embedded system. You can connect to it with a hardware probe; you could attach to it over Ethernet; you could attach to it over USB. It's a very different debug model.

All the tools are very specialized, based on what you’re building. Time-to-market is something that is demanded by our customers, especially in the consumer-device market. They’re trying to release products on a six-month time window or less. So, they want to choose tools, they want to ramp up the speed, they want to plug into a common environment, and put their product out the door in a very quick period of time.

Gardner: One of the things that we’ve seen is this rapid ramp-up and, as Bill mentioned, a large market share. That’s very powerful. That brings a large community together. So, even with the technical benefits of Eclipse at hand and acknowledged, that community brings a marketplace to vendors like yourself. And that marketplace is, in fact, developers.

As we know from the history of IT, attracting developers is extremely important for a number of business-model reasons. Can you give us a sense from your business model what this community means, and what can you do moving forward to perhaps better take advantage of the community around Eclipse?

Heintz: Because we’re dealing with customers in the C and C++ world, we’re at an earlier stage in the Eclipse-adoption cycle than the Java developers. We’re trying to take an active role with Eclipse to help promote Eclipse as a platform for C and C++ developers. Bill talked about the 58% market share that he gets to enjoy on the Java side. We're in a much, much earlier stage on the C++ side. We see the benefits, but we’re really at the stage of helping promote that to ISVs, to some of the partners in the C/C++ ISV community right now.

Gardner: Okay, Bill, on this same notion of extending the benefits and leveraging the community, where would you like to see Eclipse go, and how as a vendor in the Java community would you like to steer this as a beneficial and productive community development process?

Roth: The development of the extension or the plug-in market would be one thing that would be valuable. We’ve actually benefited from some of the existing plug-ins. Our initial Spring support was from a great project, Continued development and hopefully a business model behind it that let us offer plug-ins that offer more value to our customers from third parties would be excellent.

How we want the market to develop from a vendor perspective is that there are a number of important projects that are coming online right now that need to be adopted, and one of them, of course, is the Web Tools Project.

By the end of June, Web Tools Project Version 1.5 should be out, and this represents a major improvement in stability and functionality. The Web Tools Project and project model provide some fundamental technology for people that are doing Enterprise Java and server-side Java development. That model for building the applications is one of the things that’s our core focus -- making sure that that gets adopted.

Gardner: There’s another benefit from Eclipse here for those who are in a mergers-and-acquisitions mode. If you’re acquiring or being acquired and you’re Eclipse-based and the other company’s Eclipse-based, that offers some opportunity for getting to market more quickly and with less headaches in terms of integration. You’ve had an experience with this, Bill, at BEA. Can you give us the story?

Roth: We made the decision to take our current product line, which was called WebLogic Workshop, to Eclipse toward the end of 2004. It was important for us -- and it’s a substantial rewrite -- but we wanted to get into the Eclipse tooling market a lot faster.

The leading company of the independent Eclipse IDE vendors was a company out of Cupertino, [Calif.] called M7, started by some engineers from the former Symantec. For those in the Java community, you remember Symantec Visual Café. The chief architect and many of the engineers were from that particular project. They had a great product with some really interesting inspection software called AppXray, which really gave people the ability to see all of the aspects of a web application in one place.

It became clear to us toward the middle of 2005 that we needed to get into this market and get to market as soon as possible, because of all of the energy that was around open-source frameworks. We knew many of our customers were using open-source frameworks on WebLogic’s server. As a result, it became a natural acquisition. We bought M7.

We’ve integrated them, they’re now part of my group -- the Workshop group -- and their technology is really at the core of our offering. So right now, we’re in the process of taking our mainline technology, which will support folks from WebLogic Gate 1, and then merging it with the M7 line of code, which has been renamed BEA Workshop Studio, and we hope to produce a merged product by the end of the year.

Gardner: Steve, over at Wind River I know you can’t talk as a public company to a great extent about future plans around acquisitions. You’ve done several in the past few years. How does the Eclipse Foundation factor into a decision process around merger and acquisitions?

Heintz: Well, I can tell you that acquisitions are actually what originally drove our decision to adopt Eclipse. As you said, Wind River, acquired a number of companies over the last several years. And about three years ago, we had acquired, I think, four different companies that had their own proprietary IDEs.

Back in the old embedded approach to software development, everybody thought that their tool was the center of the universe, whether they were providing a simple editor or whether they were providing a test and diagnostic tool. We had these four IDEs that came into our product portfolio. We needed to decide which foundation we were going to use to build our single product line, and that’s when we took a look outside -- where Eclipse was at, where the Eclipse Foundation was at -- and decided to become a top-level contributor in the [Eclipse Device Software Development Platform Project] that we helped found.

This [DSDP Project] is helping move Eclipse to the C/C++ development world and helping move it to the specific needs of device software developers. Now, going forward, I can tell you that the first question that I ask of potential partners when we sit down at the table is “Is your product an Eclipse plug-in, or do you have a roadmap to take it to be an Eclipse plug-in?” because that substantially accelerates our ability to work together as a partner. So it’s absolutely one of the first requirements we look to for partners or further relationships.

Gardner: One of the questions I have been wrestling with on a philosophical level is the notion of whether Eclipse is an exception or whether Eclipse is a harbinger of what we can expect in terms of development, where a commonality or a federated mentality up to a certain point works very well. … What are your thoughts on this, Bill? Is Eclipse a model we should look at for the future in terms of a number of hybrids of development -- being open source and commercial? Or is this really just a one-hit wonder?

Roth: In some respects, Eclipse is unique; but in some respects, it gives us patterns that we can follow. I have a distributed team. I have engineers in San Jose, San Francisco, Seattle, Boulder, New Hampshire, Portland -- you know, they’re all over.

So that’s much like Eclipse. You got a bunch of people in Ottawa, and then you got people here, and then you got people all over the world. So, as a collaborative development model and a governance model it’s actually doing quite well, because, you know, [Bill] Joy’s Law: Most of the smart people don’t work for you. There’s Roth’s corollary to Joy’s Law, which is, most of the smart people don’t live in San Jose. I know that’s hard to believe.

Gardner: It is.

Roth: The fact of the matter is that this is the way that development really will be done in the future. That’s really one of the lessons that Eclipse has to offer. One of the interesting things is that IBM had sort of the germination of this project.

That is most significant -- and what’s going to allow for the building of a broader community -- the extensibility architecture and the fact that they chose things like [Open Services Gateway Initiative (OSGi)] to be the basis for this. It actually ties way, way back into some of the academic literature around System R and System R Star or the [IBM] Starburst Database Project to build an extensible database.

That’s sort of structured everything about how we view a base technology that can provide value, but yet still allow innovation, and a lot of innovation at that. In essence, it is somewhat unique, but we’re going to see more and more of the Eclipse model take hold across a number of projects that are going to be successful.

Gardner: Can you offer a couple of prophecies in terms of what types of projects, what types of technologies, you think would be ripe for this model next?

Roth: Well, that’s a really good question. There are a number of interesting things that are percolating. If you look at enterprise service bus [ESB] and some of the new category around service infrastructure, that sort of support, a SOA or a service network -- those types of things are where we’ll see the next model like this.

For example, in our service bus, we support not only mainframe connectivity, but Tuxedo connectivity, web-service connectivity, file connectivity, and all those things are plug-in-based and can be extended. Some of the high-order software, like service bus, are probably the next hit for this.

Gardner: How about on your side, Steve? Philosophically, do you agree that this is not a one-hit wonder, what the Eclipse Foundation has done, and if it is a pattern to be repeated, where would you like to see it head next?

Heintz: The way that the Eclipse Foundation is set up, the ability for member companies and contributing ISVs to influence the project on a regular basis, is very powerful.

From the Wind River perspective, Eclipse is not the only open-source project that we deal with. We actually sell a commercial Linux distribution as well to our customers. Our customers are putting Linux in routers or consumer devices, and I can tell you when I talk to my peers on the Linux management team or engineering team, on the Eclipse side of things, we really get to influence the project on a much more regular basis and get the extension points that we need in the software a lot more regularly.

So they really envy the model that is set up around Eclipse, as opposed to what they have to deal with influencing the Linux kernel or the Linux projects.

Going forward, Eclipse is going to be a great forum for some of the major challenges that face our industry and our customers in the future. We look at semiconductor companies coming out with most of their chips now being multi-core chips in the embedded market and the device market.

And, as Bill talked about there, new languages are being talked about, new methodologies for debugging and analysis and visualization of systems that run multiple cores, multiple processors, sometimes even multiple OSes in a single cell phone that you might get delivered in the future, or a digital TV, or a set-top box.

So these are some big programming challenges that our customers haven’t faced before, and we’re looking to some of our ISV partners, we’re looking to the academic community, we’re looking even to our own R&D teams to come up with new proposals and new ways to do this type of multi-core development, diagnostics, and debugging in the future.

Roth: Dana, Steve calls up one important thing, which is that … well, he’s got C++; I’ve got Java. We have a multi-language future in front of us. What we’ll see are developers building more and more technology in multiple languages.

There was recently a study by one of the market data firms that saw that, in general, Java developers -- my community -- use more languages when they develop than Microsoft developers. So, we’re heading into a phase where there’s multi-language development going on, and I can’t see how the people with proprietary IDE technology -- like Borland, like Oracle, for example -- are going to be able to adapt to that and have any real usability experience. Whereas companies like Wind River and ourselves are able to adapt -- because it’s fairly easy to mix the two languages. This is one of the untold stories.

Heintz: That’s a perfect example, Bill. When I take a look at some of our largest customers, customers in the telecommunication space that have thousands of developers, some of them are doing Java development, some of them are doing C/C++ development, some of them are doing mainframe development or scripting.

We went into one particular customer where they had 250 different development tools across a 5,000-developer organization -- nightmare to manage. These customers are making the decision on their own. They want to go to one common development framework.

Unfortunately -- well, fortunately for us – [Microsoft] Visual Studio is not an option. Microsoft is never going to support Linux development in Visual Studio, nor are they going to support Java development in Visual Studio very well. And so, these customers are choosing Eclipse as their base foundation.

Luckily, we were ahead of the curve. Now, we get the benefit from these customers coming to us and saying, “We only want to talk to you if you can plug into our standardized Eclipse Desktop that we’ve deployed to these software developers.”

Another great example is a very large military project, which is part of a future combat-systems initiative in the recent [U.S. Department of Defense] program by Boeing. They looked at all of the development tools available to them in the market, and they chose Eclipse -- specifically, they chose Wind River Workbench -- as their standardized development tool for all the subcontractors in the project, because everybody could write their plug-ins to a published, open set of APIs and standards.

Gardner: I think from the vantage point of 20/20 hindsight, one of the lessons to take away from Eclipse is it accelerated into the market rapidly, because it satisfied reduction of risk from both the user perspective, as well as the ISV and provider perspective.

And by that, I mean the contingency on a platform-level of risk for the user has been removed, or at least reduced, by the commonality of the Eclipse Foundation. The risk around tools and the choice of tools and the long-term implications of that has been reduced.

And whenever you get a situation where you’ve got a risk reduction, which means, you know, financial benefits on both ends of a virtuous cycle. It’s hard to beat. Do you agree with that, and do you think that’s what’s going to keep this spinning for some time?

Roth: Oh, most definitely.

Gardner: And you don’t see any real curtain-call on Eclipse. This was not a period for a consolidation -- and then we move on. This is something that’s got legs to it?

Roth: It’s partially because the notion of this history of extensibility. What that really means is a kind of scaffolding. If your question is, do things like the core Eclipse -- do they continue to develop and develop and develop -- I don’t know.

I think at some point in IDE, you get to the limits of what you’re able to provide, and the core of Eclipse architecture will be just fine. That’s a good thing. It forces the innovation for companies like Wind River and ourselves [at BEA] to basically innovate at higher levels and provide more and different value.

At some point, Eclipse may be just like oxygen. It may be part of the atmosphere; but it will be at the hub of everything we do for rich client tooling for software.

Gardner: Steve, the curtain call. Do you see a timeline on Eclipse, or how do you view this for the long term?

Heintz: For the foreseeable future. There are still some big challenges and big, big steps of innovation that are yet to be seen in our world, especially around C/C++; like I said, around multi-core programming and development, around multi-OS programming and multi-language development.

There’s going to be some time before we reach that point of Eclipse being the finished framework. And that’s fine. That’s exciting to us. We want to continue to contribute to that evolution and that change. But I don’t see this train stopping any time soon. Like I said, our major customers are deploying this across thousands and thousands of developers. Developers like it, our customers like it. It makes sense. It saves them time, money and increases their productivity. This is going to keep going.

Gardner: Great. Well, I think this has been a very educational and interesting discussion. I want to thank you both.

We’ve been discussing the impact of Eclipse among ISVs and in the market at large with representatives from two large software vendors. At BEA Systems, Bill Roth, vice president of the Workshop Business Unit, and also from Wind River Systems, Steve Heintz, director of product management for developer technologies there. Guys, thanks a lot for your time.

Heintz: Thank you, Dana.

Roth: Thank you!

Listen to the podcast here.

Transcript of Dana Gardner's BriefingsDirect podcast with product managers from BEA and Wind River on the ‘Eclipse Effect.’ Copyright Interarbor Solutions, LLC, 2006. All rights reserved.??

Sunday, June 25, 2006

Transcript of Dana Gardner's BriefingsDirect Podcast with Executives from Hewlett-Packard on the Business Case for SOA

This is a transcript of HP-sponsored BriefingsDirect podcast with Dana Gardner, recorded June 7, 2006.

Listen to the podcast here.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to BriefingsDirect[TM]. Today, a high-level discussion, not on the technology of Services Oriented Architecture (SOA), but on the business case -- the business issues: What's driving major enterprises to embrace SOA?

Joining us today are two SOA executives from Hewlett-Packard’s (HP’s) Consulting and Integration Division, Terri Bennett Schoenrock, the executive director of SOA services and consulting integration and J2EE open source programs, as well as Andrew Pugsley, worldwide lead for SOA service development. Thanks for joining us.

Terri Bennett Schoenrock: Thanks Dana, it’s great to be here.

Andrew Pugsley: Thanks Dana.

Gardner: Now, you two do quite a bit of traveling. You are out with folks in the field, customers and enterprises. What are some of the latest and greatest issues -- from a business development perspective -- that companies are focused on when it comes to the decision around moving to SOA? Why don’t we start with you Terri?

Schoenrock: HP and its customers believe that SOA is as much about business transformation as it is about IT transformation. SOA’s adoption is pervasive. Customers are seeing methodologies, tools, and applications changing to adopt SOA concepts and architectures. Business people are reading about SOA in trade journals and business publications, in stock market valuations for their companies, for our companies, and for other companies.

People, processes, and technologies across the enterprise are changing to adopt SOA transformational approaches. What we are seeing is that SOA is transforming business today. It’s about removing barriers between business and IT, and it's about the maturing of organizations, as businesses change and move farther into the new millennium.

Gardner: This SOA transformation involves so many different things: organization, culture, technology, and business process. I keep hearing customers ask: "How do I get started, how do I move from a pilot level into an enterprise-wide level?" Do you get those questions as well?

Schoenrock: Sure. As we look at SOA adoption -- and we work with a number of firms and a number of different customers -- SOA adoption is going to double year over year for the next five years, at least. More and more, our customers are moving from an enterprise-wide horizontal technology strategy to a strategy that says, "How do I link business and IT? How do I develop projects that help businesses understand -- as I have designed enterprise services for reuse, flexible computing services, and common platforms -- to reduce cost, so that they can be shared, so they’re architected well, etc?"

[They’re asking] how do I drive the business projects that raise the visibility of what I have done at the IT enterprise level, so that the business can begin to recognize a competitive advantage, and begin to really derive the benefit of all of this great work?

Gardner: Andrew, from your perspective -- because this subject is so large, because it's encompassing and complex across so many aspects of an enterprise -- when companies try to factor in cost-benefit analysis, what are the business needs that they are focused on? Is this a maturation and consolidation issue, or is this about becoming more agile and fleet in the marketplace -- or some combination? What are you finding are the major business motivators at this point?

Pugsley: There are a few things, Dana. One of the points I’d like to come back to is that you have made the point quite well that the move, or the transformation, to SOA is not just a technology thing. It involves many different aspects of an enterprise, from the skills these people have, the way this organization is set up, right through to how their supply-and-demand chain is established -- including technology.

One of the first things that we see as being key to successfully adopting SOA is for enterprises to actually take that step of understanding, that this is not just an IT thing. This is something that has benefits right across the enterprise, benefits for both business and IT -- but also requires action and change, for both business and IT.

Coming back to your question now, there are two sides to this coin. One side is this whole notion of consolidation and reuse. We have seen some enterprises that are treating SOA as primarily a vehicle for consolidation. And so, they’ve built a business case around consolidating applications and consolidating service and things like that -- and that’s good. They get a business benefit from that, and they treat the other benefits that SOA brings them as nice-to-haves.

But more and more, we are finding that in today’s rapidly changing business world that you can't treat some of those extra things as nice-to-haves. The need to be agile, the need to be able to identify and respond to change, is critical to not just business success, but to the very survival of organizations.

They need the ability to respond to events that happen, from customers releasing a competitive product, to changes in legislation, to changes in the way the marketplace is treating your goods or services. At the same time, there’s also a need to be part of change and take advantage of opportunities, new technologies, and new ideas that you have.

What we see is that while some organizations are saying, “Yes, we get benefits from consolidation” -- and certainly that’s an important thing to include in their business case – the fundamental benefits to SOA are the benefits that come from being more agile.

Gardner: When you talk about agility in this context, are you talking about the business side of the house being able to tell IT what they want to have happen in terms of a process and exception management, and entering into new markets, and then for IT to react to that? Is this really just getting better communication and execution between a business imperative and an IT function -- or is it larger than that?

Pugsley: That’s part of it. We tend to see or describe that interaction as a move away from how we traditionally talked about business and IT alignment as a kind of a static thing. What we really need to strive for now is business-to-IT synchronization -- alignment on an ongoing basis, so that the IT organization is able to respond or proactively respond to different events that happen.

To go one step further, when we talk about change, there’s this sense that you know there are some changes coming up; you know that you are going to release new products next year. You know that your competitors are merging or something like that. A part of the investment in SOA is not just preparing to make plans for those events that you know are going to happen, but also, to position yourself for those unexpected events, for things that might happen, or that you could imagine -- perhaps are unlikely to happen. But if they did happen would have a huge impact.

One of the tricky things with making a business case for SOA is being able to develop a quantitative basis for making decisions about how you are going to prepare for things that are, at least to some extent, uncertain.

Gardner: Terri, this ability to respond to change, do you have any case studies or examples from folks that you have dealt with -- and I know you probably can't share their names at this point without their permission -- but are there examples of how SOA has already fostered these responses toward a change or a dynamic marketplace?

Schoenrock: There are lot of ways SOA is transforming business today. One of the things that we have seen is the more mature an organization becomes, the harder it is to tell business folk from IT folk. Andrew just alluded to this.

One of the things that we have seen is organizations that become so mature related to SOA that they actually spin off an IT organization into its own subsidiary. The IT folk are now business folk, running their own subsidiary as a business, and supporting not only a whole business, but their own business. That’s really flexible business services -- breaking down the barriers between business and IT, and using SOA not just to remove inflexible business systems, but using SOA to remove inflexible business organizations and business silos, increasing organizational agility and really improving the competitiveness of business.

Another thing we have seen is -- when you take a SOA approach and provide the right enterprise architectural services, SOA services, and structured approach to measuring business and measuring IT – that you can ensure that you have services that are valued by the business and valued by IT. That improves the overall competitiveness of that customer. You can then develop an adaptive enterprise that could then support the change a business needs to become competitive.

[SOA] supports the cost-effective environment that business needs to be competitive, because, in the end, it really is about costs. It's about agility, and it’s about access to the information that businesses need in order to get the right competitiveness. That’s what we’re seeing in our customers: in financial services and in the public sector, where it’s not only about competitiveness.

In the public sector it’s about providing access to both constituents, as well as those who are within public sector organizations, especially those who are on the front line of providing defense and security. In manufacturing, it’s about providing agility, as customer preferences change, as manufacturing cost structures need to be driven down. In the telecommunications consumer area things are changing so quickly.

Gardner: This is interesting. On one hand, SOA is extremely inclusive and affects so much of IT and business, but on the other hand each business has its own history and its own legacy. The approach that they've taken could be entirely unique to them or even widely specific within a vertical. How do you take these overarching benefits of SOA and tailor it into highly individualized organizations, both in terms of their IT legacy, as well as their organizational and cultural legacy. Is SOA so agile that it can be overarching and specific -- I’ll open that up to either of you.

Schoenrock: We have customers who have achieved enormous returns on investment. We have a customer -- a financial services customer -- who has achieved a 201% return on investment. HP itself has achieved enormous return on investment from its own SOA initiatives. We have customers all over the globe.

If you look at the four verticals that we focus the strongest on, they include the financial services industry, and especially retail banking; manufacturing and distribution industries; the public sector; and media entertainment and communications sector. In all of those verticals we see a really balanced portfolio.

It's the same worldwide. We focus in three regions: Asia Pacific and Japan; EMEA, which is Europe, Middle East and Africa; and in the Americas, which is predominantly in Canada, the United States, and a few Latin American countries. We have some very strong focus in Brazil and Mexico and a few other countries very specifically. We see a really good balance across industries and across those countries.

Gardner: But in specific enterprises themselves, not just based on geography or a vertical, but because there’s so much individuality, how do you go in as a consulting and integration division with SOA being this large category, and yet still be able to adjust and deal with various specifics. Is this a technology problem or is this a management problem, and how do you face that?

Schoenrock: Actually, we have wonderful "secret sauce," and Andrew is the owner of the secret sauce, but we have two things that we do that are very specific. One is that we have a process that helps our customers very pragmatically address how to link business and IT. It’s a very quick, very easy, low-risk, high-business value process to assess your SOA.

You pick the services that the business cares about the most and that have the highest business value and business impact and the lowest risk from a technology perspective, so that IT can begin to build credibility. You then begin to build wins with the business, and begin to build increased focus. We add to that, something that HP has that’s very highly differentiated -- and that’s our approach to SOA maturity. To do that, we align that to what we call "domains of SOA." We have eight of them, and I want to hand off to Andrew who can explain this far more articulately than I.

Gardner: Yes, I want to hear about the secret sauce.

Schoenrock: This is absolutely very powerful stuff.

Pugsley: Thanks, Terri. The secret sauce is built around these eight domains. And the eight domains capture this notion that you referred to earlier, Dana. This is about technology, yes, but there is more to it than that. We have domains around business, around people, program management, governance, architecture, operations and management, technology itself, and then supply and demand.

What we do with an organization is to work with them first to understand where they are in terms of their maturity toward adopting SOA in each of those domains. Of course that gives you a picture of where you are today.

The next thing you need to look at is where you need to get to. As you point out, every organization is in a different industry or different marketplace, or geographies. Companies have different investments that they have already made and they have a different history.

What we also have associated with a domain model is a set of SOA value propositions. The task is to take these value propositions and really consider them in the context of the specific enterprise and ask whether this value proposition is valid for this particular enterprise in their context, given their strategy.

And by working through that value proposition across each of the SOA domains, we end up with a picture of where we need to take the enterprise. Of course, knowing where you are and where you need to go gives you some indication of what you need to do, what are the tasks, what does the roadmap look like to get there.

But we don’t stop there, because one of the things that I firmly believe is that SOA can bring value to every enterprise. At the same time, not all parts of an enterprise will benefit necessarily to the same extent. What we do then is to start to apply different types of measurement, where we are measuring the ability of different paths of the business to respond to different events. And we have a continuum of events.

So, there are some events that just about any organization will encounter, there are some that are unique to a particular marketplace or geography. Some will be unique to industries. And then, of course, there will be events that each enterprise in itself is facing because of its unique strategy and position.

What we do is develop a measurement -- for each part of the business -- of its essentially core business process. We identify a metric of how well they are able to respond to change, but we also look at that in the context of how important is it for that part of the industry to respond to change.

For example, with one of the Scandinavian telecom companies we have been working with recently, we see a big contrast in the need to be able to react to change in their wholesale business, as compared to their mobile cell phone business. In the wholesale business, they have a small portfolio of products that change relatively infrequently. And their focus is more about managing their partners and suppliers. In their cell phone business they have a huge array of products. They package those products for the marketplace in different ways constantly, and that’s quite a different picture to manage.

And so, in that particular case, when we want to start targeting our SOA investment, we focus on that cell phone business in the product creation areas -- where we are going to get the biggest bang for your buck. The follow-on benefit from that is, in terms of creating a business case, nothing sells better than success. When you've had that first project, and you've had some real impact, taking that and communicating that through the enterprise significantly eases the ongoing process of creating, developing, and managing the business case going forward.

Gardner: As we look at these cost benefit analyses on an enterprise-by-enterprise basis, are you finding in the field that there's a certain hurdle that they need to overcome at the beginning in terms of quite a bit of investment and quite a bit of inertia that needs to be moved through in terms of cultural shift, change, and transformation? Is there some sort of a payoff tipping point here, where the more you get into SOA, the more business value and the more return on investment you get? Is this linear? What sort of trends do you see in terms of business payback from SOA now?

Schoenrock: If we look at our own story -- and HP has done this for thousands of customers -- but if we look at our own story, we can take a look at the projected cost savings.

The cost savings actually start on implementation. When we look at where we measured return on investments; return on investment actually happened on go-live with our own implementation of our e-business center. Return on investment starts Quarter 1. We doubled our revenues. We halved our transaction processing requirements. We really recognized improvements right away. We achieved $1 million in cost reduction from fraud the first year we went live.

So, a lot of initial cost savings. From a projection standpoint, when we look at just the shared service piece of SOA, we think that we are going to be able to achieve a synergy implementing shared services. And those shared services are shared business services, and the shared services that we’re going to get in a virtualized and managed architecture running those business services.

We are actually projecting, just around our e-business architecture, a shared service synergy and cost savings of $70 million that we are taking out of IT. That’s an amazing amount of cost to remove by 2010. We are actually looking for more than that now, based on some of the other cost savings, but that’s just from that one piece we implemented around SOA.

Gardner: Obviously time is on your side if you get going on this sooner rather than later, particularly if you looking for that return on investment. That’s very interesting. From the perspective of those companies that are forecasting these sorts of returns, what can you offer them in terms of a get-started, get-into-it methodology? Within your organization, how should companies start working with HP, for example, in order to get going on this?

Schoenrock: As a transformation journey to build an adaptive enterprise, it starts with an identification of a key business initiative. We talked about that earlier. We believe that they should start that journey with us in an SOA assessment. We believe they should use our approach to measure SOA maturity and our capability to help them bring the business constituents into their project and really begin to link business and IT initiatives.

Gardner: On this point of getting started, you mentioned the SOA assessment. How long typically does that take? I know it’s going to vary a lot by company and verticals, but for a large enterprise -- what are we are looking at here in terms of creating a real assessment? Is this is a matter of months, weeks, quarters?

Schoenrock: It's a matter of weeks -- probably in the range of four to six weeks, depending on global scope and the scope of the actual assessment.

Gardner: We are just about out of time. I want to pass it off one more time to Andrew. In terms of assessment for those people that perhaps have had their interest piqued here, what is it that you are bringing to the table? Can you actually come out and give them a forecast on savings and business case, and what are the business values that you can provide just from this assessment phase?

Pugsley: One of the things that I point out here is that when you do the assessment our goal is not to come and do the assessment to somebody, but rather to come out and do an assessment with the people from that enterprise.

We work with them to help the organization assess their own situation. That’s very important, because ultimately the people working within that enterprise understand how the business works, they understand all of the spoken, as well as the unspoken, challenges that they are facing.

What we would tend to do, for example, is talk about percentage improvement in time-to-market. From that point, the customers’ organization can then interpret what that would mean for them. What we do is provide a basis for coming out with some final numbers.

But typically, we wouldn’t go quite so far as to give a fixed limit on that. Having said that, there is still that consolidation benefit piece that I mentioned. Often with that, it's quite reasonable to come up with some much firmer numbers, because we have a fairly well-defined methodology for consolidating applications and services. And that’s kind of core business. We come in and often we can give quite a good indication of how much saving would come from that.

On the agility side, it’s more tricky, because you are dealing a lot more with unexpected things. What we tend to do as part of our analysis is look at what are the events that are potentially going to happen, what’s the impact of those events, what’s the cost of the thing, how should they respond to those events, what’s the likelihood of that event occurring. From there, we can build up a picture not unlike risk assessment.

Gardner: It sounds like you would get a payoff from consolidation, a payoff from reduction of redundancy and reuse across services, and that then probably biggest payoff over time is the ability to be agile and fleet -- not only in your expected strategic challenges, but for the unexpected. What seems essential is being able to move quickly in a marketplace, to adjust and adapt [regardless of the challenges].

Pugsley: That’s probably the key. Ultimately, that will be the key benefit that people will get from SOA.

Gardner: Thank you. This has been a discussion on the business case and rationale for the ramp-up around SOA. We have been talking with executives from HP's Consulting and Integration Division, Terri Bennett Schoenrock, the executive director of SOA and J2EE open source programs, and also Andrew Pugsli, worldwide lead for SOA service development.

This is Dana Gardner, principal analyst at Interarbor Solutions. Thanks for joining us at BusinessDirect, and thank you to Terri and Andrew.

Schoenrock: Thanks a lot, Dana.

Pugsley: Thank you, Dana.

Listen to the podcast here.

Transcript of Gardner's BriefingsDirect Podcast With Executives from Hewlett-Packard. Copyright Interarbor Solutions, LLC, 2006. All rights reserved.

Sunday, June 18, 2006

Transcript of Dana Gardner's BriefingsDirect Podcast With Wall Street Analyst Brent Williams on Eclipse Foundation

This is a transcript of Eclipse Foundation-sponsored BriefingsDirect podcast with Dana Gardner, recorded June 7, 2006.

Listen to the podcast here.

Dana Gardner: Hi, this is Dana Gardner, Principal Analyst at Interarbor Solutions and you are listening to a sponsored BriefingsDirect[TM] podcast. Today, a discussion about the “Eclipse Effect.”

The Eclipse Foundation has grown in popularity for the past two or three years and really is on the cutting edge in de facto standards for development environments of major Java software projects, particularly among software companies themselves. To discuss this subject, we have Brent Williams, a Senior Analyst at KeyBanc Capital Markets. Brent has been a stock analyst for some 10 years. Prior to that, was a tools analyst at Gartner, and before that an operating systems and applications analyst at IDC. He has also spent some time as a developer. Welcome to the show, Brent.

Brent Williams: Well, thanks very much for having me, Dana. I'm glad to be here.

Gardner: You have a little bit of business to attend to in terms of your ability to discuss these subjects as a stock analyst. Can you go ahead and provide some clarity?

Williams: As part of our ongoing, “Keep Analysts Out of Jail program” and “Keep the Lawyers Happy program,” I've got to let you know that we may talk about publicly traded companies. My firm, KeyBanc Capital Markets, may have a relationship with those companies, including making markets in their stock, soliciting to provide them with investment banking services, or other forms of business relationship. On the other hand, you should also note that none of the companies that we discuss are ones that I hold or any members of my family hold any investment stake in any capacity.

Gardner: Alright. Let’s get into the meat of the subject: Eclipse Foundation. You have pointed out in some of the presentations I have seen that Eclipse is unique in that it straddles both business and technology. Describe what you mean by that -- and is this something that’s new? Have we ever really seen anything like the “Eclipse Effect” before?

Williams: What I meant by that was that Eclipse came along, taking technology that was developed commercially under the standard model at IBM, and brought it out to open source. Because of the nature of the tools business, the IBM sponsorship, and what this project was all about, it really attracted corporate developers.

If you go back to the early days of Linux, it was all individual contributors working on pieces of the project that were of interest to them. Eclipse came out as a fully finished piece of production-ready code. And, so it just didn’t evolve that way.

When Eclipse moved from a foundation or from a consortium into a really independent foundation that really had no material control from IBM, it was really set up to say: "How do we accommodate the business needs of all of these companies that are contributing code to this organization; and how do we do that to create a neutral playing field, because we recognize, many of these companies will be fierce competitors?"

That intentional accommodation of corporate needs was built into the organization from day one, and it’s been built into open source projects over time. And so, when you talk about the Eclipse Effect, it means that Eclipse has taken significant amounts of contributed corporate technology and has run with it, but it's also managed to accomplish a dramatic market share.

According to one survey I've seen, Eclipse is a tool of choice for about two-thirds of the Java developers in the world, and it’s coming up fast as a tool for many other platforms as well. So it's gotten tremendous market-share gains, which I think validates that the approach for this particular type of project really worked.

Gardner: Eclipse started out as an integrated development environment (IDE). It since branched out into some other areas. Are we really talking about the best of both worlds here in terms of commercial command-and-control development, as well as the viral and lower-cost development of the open source community approach?

Williams: That’s exactly it. Part of the way that they have been able to pull off this seeming contradiction is that they have a fairly loose project structure. In an operating system, by comparison, the Linux kernel all of the pieces are very tightly interdependent; and so, if there’s a bug or if there’s an integration issue between a couple of modules of the kernel, the whole thing comes crashing down and doesn’t work very well.

But in the Eclipse project, the technology is much more loosely organized. The end result is, that companies wanting to contribute a particular piece to Eclipse can go off and build that in a conventional structure, then contribute the product to open source. They don’t have to worry so much about dependencies with other projects. So, they can use a standard structure to get their area or their projects built, and then go and take advantage of open source. When you come out with finished code, we are actually starting to see the community come in and do enhancements off these more monolithic contributions from the corporations.

Gardner: As we have seen swift adoption, there seems to have been some tipping point, or critical mass, where the interdependency of those contributing and those using, starts to well up -- and there is more opportunity for people to contribute, which makes it more valuable, which brings more people into the community, which then prompts them to contribute. Is that what we are seeing: a powerful adoption benefit here?

Williams: I think we are seeing an inflection point, and that’s come up in maybe the last 12 to 18 months. That’s exactly the sort of virtual circle that you are describing. What's different, maybe just in degree or maybe in the way that it’s accomplished, is that the structure that Eclipse brings to bear makes it very, very easy for people who are focused on certain types of things; and are what they refer to in Eclipse as "add-in providers."

They maybe unlock some particular piece of hardware, or a gateway to older legacy data -- something like that. They can fit into that project or into that environment very effectively, perhaps more so than in other major platform architectures. That's really been one of the factors that’s helped this inflection point ramp up so fast, because the more focused add-on providers you can get out there with access to RFID readers or bar-code scanners, the more commitment they’ll have for that platform, and the more valuable the platform becomes.

Gardner: Now, an integrated development environment -- this is not a trivial piece of software, this is not even something on the same level of, say, a Web server. It traditionally required a great deal of research and development and effort by companies like Borland and Microsoft, who have been leaders in tools. For this to happen in this environment and for this inflection point to take place, does it portend a real shift in how software is developed, or is Eclipse a one-hit wonder that will probably not be repeated. And if this is something that is a harbinger of more similar types of activities to come, what does that mean in general for the software business?

Williams: Well, let me answer these two pieces in reverse order. We are entering a point in the software business where, if you look back to the height of the Internet bubble, there was a lot of stuff coming to market, that was features disguised as products, disguised as companies. Basically any somewhat-decent idea that was kicking around inside of somebody’s head went out and got funding, whether or not it was a sustainable product, or even company. When it got funding, it went public.

And so, what you had was a trough of despair for few years after that, when the idea file had been drained of even average ideas. There weren’t any really new technologies coming to market. We’re at a point now in the software business where we’re on the rebound from that drought of good new ideas; and we’re starting to see that broadly in many areas.

So, I think that, yes, development tools fall into one such area. It's been a fairly stagnant market until the last couple of years or so, since Java began to attain prominence in the mid-1990s. A lot of Java development environment decisions were made. Things went fairly quiet until Eclipse came along, and that has started to revitalize it. In general, we are in a period where there’s lot of good new technology coming to market that people are taking a look at. You are starting to see people actually put their dollars behind buying some of this technology, which they weren’t doing in the 2001-2003 time-frame. And now I have completely forgotten your question.

Gardner: Is this a one-hit wonder? That's to say, is what's happened with Eclipse unique, or are we seeing a larger shift toward open community development frameworks that are embracing the tipping effect that happens where adoption and contribution begets more adoption that begets more contribution? And does this happen outside of a traditional licensed software business model? And if so, what does that portend for folks like Microsoft, IBM, Oracle, and SAP?

Williams: There are a couple of interesting things going on; and I have been around development environments for a lot of years. As you mentioned, I covered development environments in the early nineties at Gartner Group and left to go to Wall Street just as Java was starting to become prominent.

The thing that’s happening is that the integrated part of integrated development environments is really undergoing change. If you look back historically to Visual Basic, Borland, or some of the stuff that Sun Microsystems has acquired or any of these development environments -- PowerBuilder, you name it -- they were all tightly integrated with a single vision and a single way of doing things. If you wanted to do a re-think of that, it was all-or-nothing. If you didn’t like the way that, let’s say, Borland’s Delphi handled database access, well, you had to just sort of live with what they did, or you had to go to a completely different tool, which would probably have faults of it own.

These were very monolithic, and it was difficult to integrate, say legacy 3270 access or something like that to the development environment, but you had to buy into a particular way of doing things. Then, you were at the whim of the vendor to do that. Eclipse has changed that a lot. Java had to a certain extent, but it was still proprietary vendors. Eclipse changes this dramatically, because the various bits of the IDE are very much decoupled and almost dis-integrated. They can be swapped out, reassembled, and reorganized much more flexibly than any development environment that I can think of at the moment.

If you don’t like something about Eclipse, you have the chance to go out and replace it and end up with a more best-of-breed solution. So the end result is, that a development environment or development strategy based on Eclipse can evolve over time more smoothly -- unlike: "Okay, I get PowerBuilder in here in client-server era, then the Internet comes along. PowerBuilder’s Internet support has taken them a long time to get out there, and then they don’t really make the curve very well. So, you have to just dump PowerBuilder and go on with something else." That's not a very smooth move forward -- in fits and starts every five or six or seven years.

Gardner: So, I guess we have now gotten to the point where the framework that developers are comfortable with, as long as it adheres to Eclipse, gives them an opportunity to do what they want to do, in the way they want to do it and yet not feel that they are outside of the larger environment that allows us to be compatible with other frameworks and other activities by other groups and developers. Is that fair?

Williams: That’s absolutely right. Even these days, whenever somebody uses the word framework, I find myself gritting my teeth unconsciously. If you hark back, I think this is really fallout of the mainframe era. If you hark it back a decade or so ago, a number of folks were talking about frameworks with a capital “F," and these were really complicated. I mean, you had everybody from Anderson Consulting -- where they called them methodologies, but conceptually equivalent -- and all the big system integrators -- you had guys like IBM, EDS, and a bunch of other folks -- talk about frameworks.

The idea was that if you bought into our one, big framework -- the one, true way to build software -- then your productivity would go through the roof, and life would be wonderful. The old style of frameworks was just another kind of religious buy. You had to buy into this whole way of doing things before you could buy the product. That was the same problem we had with early client-server tools, with those monolithic closed-development environments like PowerBuilder and stuff that I referred to.

Fast forward to today. Because of the open, loosely coupled approach to Eclipse, if you don’t like whatever framework is at hand, if you want to change to some other framework that supports the platform, you could do that. You don't have to heave out all your code. You don't have to start from square one. It gives you what frameworks can offer in the best of circumstances, but it does it without having to make you start from scratch to change frameworks.

Gardner: So, we can clearly see some technology benefits -- agility, flexibility and openness -- but there has to also be some impact on the economics and business of software. I suppose in the past there was a bit of a quid pro quo or at least a relationship between the tools, which were often sold at cost, or even a loss, because they tied the application and developer to a platform; and the monetization happened in that volume selling of the license for the platform.

Well, now that -- as you pointed out -- we are loosely coupled, we are not tied to a specific platform, how does the modernization happen? What does this mean for the folks who are making a transition from licensed software tied to the platform to this new era where we have got loosely coupled Web services, frameworks, and developers who are really not even thinking about what platform their code might be operating on?

Williams: The last thing you said hints at it the old model where you used a low price development tool as kind of a free "vial of crack" to get them hooked on your platform. That model only worked in an era where there weren't decisions already cast in stone about platforms. Right?

In the early days of client-server that model was brilliant because people hadn’t really made a decision about, "This is our platform for client-server type stuff." It was all new market, and that’s the right way to reach that market. On the other hand, saving somebody a thousand dollars, or whatever it is, on the development tool license, when the platform decision is already made, it’s really not going to do much for you. The cost of moving from UNIX to .NET is in no way going to approach the economics of free .NET tools, which is not going to close the gap.

It’s like if you buy a new car and you get free gas for a year. That might sway your decision. But if you buy a new car and you get those little things that screw on the tires to keep the air from leaking out free for a year, it’s probably not enough to make a difference. So, platform decisions are already made. Folks like IBM and a lot of folks from the Microsoft universe are going out there and saying the next opportunity is not to get people on the platform, because everybody has already got a whole mix of platforms.

We are no longer playing for, “Hey, we will get you on our platform. Our platform will solve all your problems. You will throw out all your other platforms -- and we’ll have a monopoly.”

Gardner: The old rip-and-replace methodology.

Williams: Yeah, rip-and-replace, and give all of your business to a single vendor. I don’t think that’s going to happen. IBM, for instance, is tremendously interested in Eclipse, because its flexible architecture allows it to surface capabilities from legacy systems into Internet Web-based applications.

You can make better use of assets that you have, and the end result might be that, instead of just trying to keep the mainframe business growing at a slow level of growth, IBM might be able to accelerate the growth of mainframes. That's not because that’s becoming a monopoly, but just because people will store more data on mainframes because they can get to it easier -- and they can get to it easier because they can integrate it into any application -- Web-based, client-server, whatever -- because of Eclipse.

Gardner: Perhaps one of the business impacts here is that a developer and an architect have a lower risk with Eclipse because they have both backward as well as forward compatibility with platforms; and in having that ability to be compatible, both to the past as well as the future, this gives new life blood to some of the older sun-setting platforms and reduces the risk of having to change framework and tools, should you want to move ahead to a new platform.

Williams: That’s exactly right. This is just another slant on what I was suggesting earlier about Eclipse taking you from having to live with what you’ve got until a revolutionary change in development environment comes along. Eclipse supports incremental evolutionary change more effectively, allowing customers to take advantage of those technologies, and allowing vendors to make money supporting that.

I think it’s a win-win situation when IBM has extended capabilities of some of the non-relational databases like Information Management System (IMS), so that they can capture what's happening in real time and generate streams of events to be pushed back out to a Web-based application. And, that’s a new capability for IMS. With a development solution that allows developers to take advantage of that on the Web-side -- since there is not that much IMS expertise out there in the world these days -- when you can get to that stuff easily, you can take advantage of your existing legacy code in a new way.

That’s usually great economics for the customer, and IBM can sell more IMS licenses, which, given the amount of R&D they spent keeping IMS maintained and improving it, creates a huge win for IBM. It really does give win-wins to both the customer and the vendor.

Gardner: There are some other trends that are bubbling up in the industry that have some impact here. I'm thinking about Service Oriented Architecture (SOA). You might have different applications running on different platforms, and not only can you take advantage of that from a development perspective using Eclipse, but on the runtime and operations and production side of things, you can expose those services and suddenly you have an opportunity of continuing to operate for a longer period of time for a lower total cost of the lifecycle of the application and platform.

That also raises the issue about where is the next value-add. Is it in the integration, and is there another level of tool that you’ll be depending upon to stitch together and orchestrate and composite these applications? And, not to be too long-winded, but what does Eclipse bring to that level of tool; how does Eclipse impact SOA?

Williams: Well, I think this evolutionary approach is certainly very much in line with SOA. Instead of going out and ripping out huge chunks of systems just because there is no other way to integrate stuff effectively, now I can surface bits -- not all at once, but over time -- that are important and I can effectively hook them all together in a way that’s already platform independent.

SOA is really about using incremental evolution of legacy code to try and produce revolutionary results, being able to do business in a far more productive way that I had in the past. Everybody knows SOA is a big deal; its going to take a long time, but it is a big deal.

Eclipse helps because -- I think you gave it away in the use of the word "orchestration" -- when you are building services, you might use one development approach to write code, with Java based IDE, which Eclipse is already very good at, and to stitch those things together, it might be a different team of people that are stitching these services together, and they are using an orchestration approach.

Having that work inside the Eclipse umbrella is very attractive to customers because they don’t have to have a completely separate product that has nothing in common with the Java IDE. The notion of business process management systems, or workflow management systems had been around for a while, but they’ve all been standalone products from different vendors than your ‘C’ Compilers or Java Tools guys or your database guys.

If those guys can operate under Eclipse with their own unique vision of workflow and orchestration, and the software development environment happens there under the Eclipse umbrella, then it’s a lot easier to have all those guys coordinating their efforts more effectively. The tools can all interface more effectively. That gives you more reliable applications, and it gets it done in less time.

Gardner: Perhaps some of the overview impact here is that the vendors are going through some transition, facing some challenges in terms of a shifting business model, but there should be plenty of opportunity for them to monetize and find value and bring more business benefits to their end-users over time.

I suppose the biggest winner here, the win-win, is for those enterprises that have reduced risk, have an opportunity to gain agility and can finally bring somewhat of an end-to-end understanding of benefit or control over development. Or, am I over-hyping some of the benefits to the end-user enterprise here?

Williams: It’s one of these things where there is enough interesting stuff going on, that I don’t think you are over-hyping. The over-hyping zone is in promising how fast this is going to go. We are now at a point where, for the first time, we can achieve these goals; that’s great news.

Just saying it’s possible is quite legitimate; saying that it’s going to happen in a short period of time -- whether that’s six months or two or three years -- that’s probably a little over-hyping. You certainly didn’t do that. I think that you are absolutely right.

The enterprises that can get to this can get themselves on a platform that will support incremental evolution of development processes. So, you don't have to go in fits and starts every five years, like you do with, a silo-based tool. Organizations that can do that will win over the long term.

So, yes, this is a reward for the clever. But interestingly, we are just talking about linear extensions of what people understand Eclipse to be about today. The other thing that we are starting to see is effects where companies are able to use Eclipse support in their products in ways that are bolstering their business and that aren’t terribly obvious. We have seen this in the case of, for example, Actuate which sponsors BIRT, which is one of the more popular tools, a Java Reporting Engine that can be embedded in your Java app. It’s part of the Eclipse platform.

Gardner: Right.

Williams: What’s interesting is that the Actuate guys went out and they -- as we talked about earlier -- used a very standardized command-and-control development approach to build the first two releases of BIRT, got it out there in community, and now they are building a community of developers around it. They are working in a more classical in-source fashion.

Actuate’s hope was to use the project to give them a stream of revenue for low-end business intelligence. Actuate’s problem had been that they were pinned at a very high end of the market, like Lamborghini is pinned up at the very high end of the car market. It’s hard for them to sell down into a more mass-market configuration without destroying their brand.

Actuate had been kind of the Lamborghini of business intelligence, and other companies that were more mid-market had outrun them. So, they went and had an Eclipse strategy, launched the BIRT product, and did a lot of good stuff as how they built their community. Now what they are finding is that it’s actually helping them sell the high end Lamborghini product, which isn’t open source. The end result is that having the Eclipse product not only helps them address a new market that they weren’t able to reach, but it actually helps them address their existing markets even more effectively.

Gardner: So, the business benefit for the vendors is that they can reduce their overall R&D spending on some of their new products by -- after a few iterations -- bringing it into a community; And, they can get the benefit of that larger community adoption becoming aware of their other commercial products and/or perhaps have additional monetization around service support, maintenance, and so forth.

Williams: Exactly. And that's a very unexpected kind of result -- the idea that they are getting rewarded for being a part of Eclipse on stuff that even isn’t directly Eclipse-related revenue. I think you'll see other people out there looking at using Eclipse, perhaps as BEA Systems has done with their Beehive project, contributing code to Eclipse to help achieve other strategic aims within their businesses than just, as they say, driving a support revenue stream from Eclipse-related stuff, as they do for their current projects.

Gardner: So, in effect, the Eclipse Foundation and community has provided a viral marketing benefit to these vendors, that they would have to spend a great deal of money attaining on their own -- with their own direct-sales force trying to create their own community and their own lock-in around a proprietary stack.

Williams: That’s exactly right; and this becomes a benefit to customers as well; as vendors start to use the interest, the market share, and the mind-share that Eclipse has among the customers, then they start to find these non-obvious business models.

That accelerates the momentum around the platform still further. The end result to the vendor community is that no longer is it a forward-thinking, bold, risky move, but rather an interesting one, to join Eclipse and contribute stuff to open source. It becomes just what you do for some portion of your business.

I am not saying for a second, that all code that’s currently commercial is going to open source. It's probably not. But, like the BEA guys have done, the Actuate guys have done, and some other folks have done, contributing some portion of your code asset to open source is going to provide dividends to you, the vendor, and its going to provide huge dividends to the customer community.

Gardner: I suppose the net takeaway here is that Eclipse Foundation has given a community and a viral distribution benefit to the vendors, the corporations and the users. They have had significantly reduced risk about making choices around platform.

Williams: That’s exactly right.

Gardner: That sounds like a nice combination.

Williams: What's interesting is that this is a very unique combination at the moment. But if you look at other areas, one of the things that have happened is people in industries outside of software are looking at what Eclipse is doing and they are saying: "Hey, this is really intriguing."

So, a couple of success stories include Procter & Gamble and a thing called InnoCentive, which was started by Eli Lilly, the drug manufacturers, to do essentially outsourced community-based science or product research and development. The exact methods are somewhat different than the way Eclipse works.

All of this was inspired by the work that the Eclipse Foundation has done as an organization, as a way of bringing companies that are often competitive together to do collaborative innovation among users, vendors, and competitors, and to have it work out well, so that everybody has real economic opportunities. The proof that Eclipse is actually doing this is in looking at how this notion of collaborative innovation is spreading to industries that have nothing to do with software.

Gardner: So, the Eclipse Effect is not, by any stretch, through – it’s just moving outward from its IT roots.

Williams: That’s exactly right. The Eclipse guys, as near as I could tell, are fairly sharp at understanding what's given them success. They've got a ways to go, but I think, you can actually see, without being excessively hype-driven, that in part because of Eclipse, and in part because of the attractiveness of open source in so many areas, that collaborative open innovation becomes an important way of doing all kinds of things.

It's not going to be the sort of circus show like, “Oh! Look, there is a bunch of hippies; they think they can write an operating system that will take the market share from Microsoft.” That was the perception around six or seven years ago.

Now, there may be some hippies involved -- many of them are on the payroll of these vendors, and they are already taking a lot of share from Microsoft -- it's no longer a freak show. This collaborative innovation model with a structure that allows competitors to have an even playing field and maximize those opportunities for vendors and benefits to customers, is just going to be a way that innovation happens in this increasingly globally outsourced to off-shore kind of world.

Gardner: Brent, I want to thank you very much for joining us here. We have been discussing the Eclipse Effect in community innovation, how it began with development tools and extended into other areas, and perhaps beyond IT altogether. Brent Williams is the Senior Analyst at KeyBanc Capital markets. Thanks very much for joining us here today.

Williams: Well, thanks very much for having me, Dana.

Listen to the podcast here.

Transcript of Eclipse Fouundation-sponsored BriefingsDirect podcast, recorded June 7, 2006. Copyright Interarbor Solutions, LLC, 2006. All rights reserved.