Richard Soley's On The Road Blog

OpenSSL came under fire this past week through the now infamous Heartbleed bug.

This open source encryption software is used by over 500,000 websites, including Google, Facebook, and Yahoo! to protect their customer's valuable information. While generally a solid program, OpenSSL harbors a security vulnerability that allows hackers to access the memory of data servers and potentially steal a server's digital keys that are used to encrypt communications, thus gaining access to an organization's internal documents.

Technically-known as CVE-2014-0160, the Heartbleed bug allows hackers to access up to 64 kilobytes of memory during any one attack and provides the ability for repeat attacks. Faulty code within OpenSSL is responsible for the vulnerability and -- as an open source project -- it's hard to pinpoint who is responsible much less scrutinize all the complex code created for the SSL project to find such a minute vulnerability.

While I'm definitely not knocking open-source projects -- Wordpress and Mozilla Firefox are both open-source and world-class programs -- there needs to be careful scrutiny over any contributed work submitted to open-source projects. As Zulfikar Ramzan, CTO of Elastica, told the New York Times, "Heartbleed is not the main part of SSL. It's just one additional feature within SSL...So it's conceivable that nobody looked at that code as carefully because it was not part of the main line."

The owners of open source projects need to examine the testing harnesses used prior to checking in code, and upgrade their quality assurance strategy to check for both functional and structural software quality problems. Testing collections of contributed modules alone is not enough -- we need to also test against the whole integrated system to ensure that the new variables and call-outs work dependably and securely with the main body of code. For example, Salesforce.com requires that builders of custom code also build test harnesses, run those tests, and submit the results as well as the original and test code back to them for review. Only after review will Salesforce.com allow the introduction of custom code for a deployment into their Force.com platform. Open source projects should demand the same from their contributors.

If you are integrating open source software into your proprietary code, don't take quality for granted. You too should be running your own functional and structural quality checks against the introduced code as well as the whole integrated system. This means that those incorporating open source code should run their own traditional functional test suite, along with system-level static and dynamic analysis. It's always better to be safe than sorry, and advances in automated testing penetration testing, and static analysis, along with the availability of temporary resources in cloud computing have reduced the cost and effort of continuously running and verifying tests.

The Heartbleed bug was around for quite some time before finally being exposed. Don't leave the discovery of a lurking menace up to chance; be proactive and protect yourself and your consumers.

Sam Somashekar is the Program Manager for the Consortium for IT Software Quality (CISQ), an IT industry leadership group comprised of IT executives from the Global 2000, system integrators, outsourced service providers, and software technology vendors committed to introduce a computable metrics standard for measuring software quality and size. Founded by OMG and the Software Engineering Institute at Carnegie Mellon, CISQ is a neutral, open forum in which customers and suppliers of IT application software can develop an industry-wide agenda of actions for improving IT application quality and reduce cost and risk.

Last night, the US Senate unanimously passed the Digital Accountability and Transparency Act (DATA Act) which requires government-wide data standards for spending. As a member of the Data Transparency Coalition -- the trade association that advocates for data reform in the US government -- OMG is thrilled (and I personally as well, as a member of the Coalition's Advisory Board) that the United States is joining many other countries beginning to make their agencies' financial transactions easily available to their people. The bill will now return to the House of Representatives which it is expected to swiftly pass before making its way to President Obama's desk.

In addition to requiring the Treasury Department and the White House to establish government-wide data standards for federal spending information, the DATA Act will require all standardized data to be published online. By transforming federal spending from disconnected documents into open data, the DATA Act will create a new public resource for citizens, government managers, and recipients of federal funds.

OMG applauds the hard work of all those involved in the passage of the DATA Act, in particular the Data Transparency Coalition and the main Senate sponsors, Sen. Mark Warner (D-VA) and Sen. Rob Portman (R-OH). We stand ready -- alongside other standards organizations -- to develop and support the standards that will help make the US federal government more transparent.

Click here to learn more about the work on semantic data standards that the OMG Financial Services Domain Task Force is currently working on.

After more than 20 years in the technology industry, I attended my first Gartner Summit in Las Vegas last week. In fact, I attended two, back to back -- Business Intelligence (BI) and Analytics followed by Master Data Management (MDM). Yes, it was a long week. However, I came away educated, energized, and inspired by the spirited combination of innovative vendors, passionate attendees and thought provoking speakers.

Mark Jeffries, one of the excellent keynote speakers, advised that ideas are best communicated in threes (e.g., blood, sweat, and tears). However, I am going to ignore that advise and share six observations that made the week worthwhile, beginning with good news for those of us in the industry...

1. Technology is back! Respect for technology that is. CEOs want to be known for leveraging technology the way Google and Apple do. This is helping to drive exposure and investment for data projects.
2. BI/Analytics is a top concern for CEOs (2014 Gartner BI Study) and Data is a hot topic -- both conferences were sold out with more than 2,100 attending the BI event.
3. BI is evolving into data discovery -- canned reports are being replaced with interactive self-service tools for business users. 50% of organizations are looking at cloud deployment for their BI in 2014.
4. Search is transforming too. Google, Siri and others are making search more useful by using semantics to go beyond keywords to deliver results based on meaning. As with other consumer-first technologies, this is going to raise the bar for enterprise search -- the "question/answer" paradigm is coming.
5. Many organizations have appointed a Chief Data Officer, particularly in regulated industries. The CDO most often reports to the COO though some do report to the CIO. Gartner predicts that 17% of organizations will have a CDO by the end of 2014 and that this will continue to grow in coming years. The CDO typically owns data governance, strategy and quality and is the bridge for data between the business and IT.
6. Big data is a hot topic but still mostly experimental -- fewer than 8% of projects have made it to production. Many folks I spoke with view big data as a solution looking for a problem to solve or cheap and easy way to combine disparate data that is then difficult to consume. There is growing interest in conceptual model driven approaches to making the data more consumable. This increases the importance of emerging industry standard semantic models such as the Financial Industry Business Ontology (FIBO) from OMG and the EDM Council.

In addition to the general sessions, I also attended an excellent keynote presentation from Ray Kurzweil. Kurzweil is an accomplished inventor, now working on artificial intelligence at Google. You can read more about his thinking here but his most fascinating prediction is that we will conquer human aging through genetic engineering within 10-20 years. We could still be run over by a bus but Google is working on technology to fix that too (see self-driving cars).

In summary, Gartner should be congratulated on two excellent events with strong presentations, high-caliber attendees and flawless execution.

Marty Loughlin is Vice President, Financial Services at Cambridge Semantics Inc. Prior to joining Cambridge Semantics, Marty was the Managing Director for EMC's consulting business in Boston. His 25 year career has focused on helping clients leverage transformative technologies to drive business results, most recently in Cloud and Big Data. Prior to joining EMC in 2005, Marty was co-founder and COO of Granitar, a web consultancy that grew to 250 people in four years and served clients such as State Street Co., The New York Times and Standard & Poor's. Marty began his career in Ireland with Digital Equipment Co. He holds a B. Eng. from Dublin City University and a High Tech MBA from Northeastern University.

Dear OMG Members,

Today marks the 25th anniversary of OMG's founding!

The original press release announcing the formation of the OMG. Read in full here.

Though we've broken out the party hats and champagne glasses at OMG headquarters, we recognize that the responsibility for this accomplishment lies entirely with you -- our members.

On top of your already hectic schedules and day jobs, our members volunteer hundreds of hours to creating and perfecting OMG standards. We ask you to leave your workplace four times a year to attend technical meetings all around the world -- and you come. We request that you lend your expertise to case studies, panels, webinars and even just in one-on-one conversations with staffers -- and you're more than happy to help.

Your continuous dedication and support of OMG standardization efforts throughout the years is why OMG is the leading technology standards consortium. We cherish the personal relationships we have built with each of you over the years: we've reveled in your successes and commiserated your setbacks. We've laughed with you, worked alongside you, and rocked out with you at CORBA Jam.

To celebrate this exciting milestone, OMG will be hosting a party on the evening of Wednesday, June 18th at our Boston technical meeting. In the meantime, be sure to visit our anniversary webpage and sign our online guestbook at www.omg.org/25years.

Thank you for being a part of the OMG family for the past 25 years. We look forward to working with you for many more years to come.

Dr. Richard M Soley and the entire OMG staff