The dangers of monoculture software

The U.S. Computer Emergency Response Team (CERT) issued an advisory last week warning about a major bug in Internet Explorer that allows remote Web sites to get access to your computer under certain circumstances. CERT has recommended switching to another browser, like the excellent open source (free) Firefox.

Apparently, many organizations and companies are not able to do so because they have built their Web sites to work only with Internet Explorer. Microsoft has encouraged this by building non-standard features into IE that offer some advantages to lazy developers who don't want to bother testing their Web applications with multiple browsers. Microsoft gambled that using their monopoly power to drive other browsers out of existence would give them even more control. It would have worked if they had been diligent about testing their own products for bugs and loopholes.

Unfortunately, it is almost a full-time job to keep up with Microsoft-related security advisories on their various Web products; the MS web server, IIS, has been the subject of numerous security alerts.

Any time an organization creates a software dependency based on a monoculture environment (using a single piece of software or only the products of a single vendor), risks are incurred. And it really has nothing to do with Microsoft. It's only a small amount of additional work to make Web apps work with virtually all Web browsers, and for a business, it could mean picking up 4-5% more customers for little or no additional cost.

For internal business operations (e.g. a company intranet), it's just good planning to be able to switch easily between browsers, between database products, or between development tools. Your IT department may choose to focus most development on a single product line or platform, but should always have a few projects or staff working on other platforms or in alternate development environments. In part, doing so is just research and development--sometimes less expensive alternatives emerge, or better ways of doing things.

Beware of any IT manager or developer who claims that there is no need to look beyond your current software or IT vendor. It's lazy thinking that may be putting your organization or business at risk.
