Are international standards organisations no longer incorruptible?
- 08 October, 2008 13:55
For the last several months Microsoft has been pushing for their Office Open XML (OOXML) office suite file specification to be accepted as an international standard by ISO, presumably to help them gain traction for future government contracts (look, this file specification is an ISO standard, it must be good).
As far as ISO/IEC DIS 29500 is concerned, it continues its steady progress towards standardship, however it seems that Microsoft's push towards this goal hasn't been without its bodycount. While the ISO site lists 29500 as a deleted standard, complementary reporting shows the process is still ongoing and OOXML will soon become ISO/IEC IS 29500.
In an ideal world, standards bodies would be incorruptible and lead to the publication and adoption of consistent standards across the user communities. Anyone who has followed the OOXML progress through ISO would think otherwise. The ongoing stoush regarding Microsoft's effort to get the ODF-killer that has yet to be properly implemented through the standards body has claimed some high profile casualties, with the national Standards body of Norway effectively self-destructing after 13 of 23 members of the technical committee resigned in disgust.
ODF itself may be on shaky legs, with reports that the ISO/IEC committee responsible for overseeing OOXML (SC 34) is pushing to have control over ODF (ISO/IEC 26300), as well. With Microsoft controlling a large percentage of SC 34, many of the same people who objected to OOXML's move towards a standard have begun to sit up and take notice of this latest move.
The big fear amongst these people is that if SC 34 is able to take control over ODF from OASIS (the body currently responsible for ODF), then Microsoft might try to leverage its voting bloc on SC 34 to neuter the competing specification.
Even if both formats are accepted as standards, there will be plenty of material available for security researchers to dig through. Reading through ISO/ECMA standards, or even RFCs, might not be fun for everyone, but there is an important security aspect to having well documented standards.
In the first case, documented standards will highlight design flaws. It could take years for design flaws to make themselves apparent , or at least widely publicised.
In the second case, documentation serves as a reference point that can be used to find weaknesses or deviation in individual implementations. Once the major design flaws have been rectified, this is the aspect that will provide the greatest number of opportunities to uncover security weaknesses or other shortcomings.
So, even if international standards bodies have been shown to be vulnerable to external pressure and can be gamed much like any other corporate body can, the products that they produce will still have relevance to developers, end users, and security researchers alike.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Why change management doesn’t work
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
Best Practice in BYOD
The key trend affecting enterprise mobility today can be summarized in four letters: BYOD – Bring Your Own Device. As the number of end-users bringing devices into your organization grows, so does the need for an effective Enterprise Mobility Management (EMM) solution. Learn how to manage devices across multiple platforms all from a single, centralised and unified management console. Download for more!
Clearing the Clouds for Midmarket Businesses
Cloud computing promises to help midmarket companies reduce cost and complexity in the IT equation – and gain the flexibility and agility they need to thrive. Yet charting a clear course to the cloud isn’t always easy. In this paper, we aim to clear the clouds. We examine different cloud computing models, discuss the types of requirements that each can best address, and consider what midmarket businesses should look for in a cloud solutions provider.
HP Helps NEC Reduce Network Management Costs and Gain Efficiencies
NEC wanted to reduce network management costs, while increasing network visibility, decreasing mean-time-to-repair, improving stability and mitigating the risk of downtime. Download today to hear from Cameron Craig, Senior department manager of NEC on what approach they took and why.