Security tzar slams feature frenzy . . . . . . at the expense of "the science behind security." Yes, Ed Reed's Novell business card really does read "security tzar." He thinks the industry is three to five years away from delivering systems that are truly secure, especially for B2B Internet operations.

Web services proponents may be the furthest from delivering secure systems, he argues, "because they presume a degree of interconnectedness of supply chain providers that includes levels of trust and confidence that are required in bilateral agreements." And those, he says, "simply do not scale in Web services." What's missing? Reed says it's managing the liability and risk of transactions. Until there are Web services that, for example, offer insurance companies secure tools so they can establish normal business processes for risk management, the effect of Web services in the supply chain will be minimal. So, are Web services for B2B a waste of IT's time? Nope. They will thrive behind the firewall in bilateral-type operations, much like RosettaNet Inc. today, says Novell Inc.'s security tzar. Still, taking security advice from a tzar might have its own risks. Weren't the tzars isolated from the real world and ultimately kidnapped and murdered by rebellious hackers of a different sort?

Until Reed's vision of security is achieved, how do you protect IT assets from the digital Trotskys and Lenins lurking on the Internet? With feature-laden products, of course. One to consider is the SafeWeb SEA Tsunami. The Linux-on-Intel hardware appliance starts at US$9,995 and includes a firewall, encryption, integration of established LDAP directories for user authentication, a secure portal and automatic links to applications on your network. Lest you think this is more dangerous than secure, Emeryville, Calif.-based SafeWeb Inc. was one of the CIA's venture capital investments back in 2000. And it's already securing Web access for 55,000 U.S. Navy reservists around the world who use the Web to get medical claims data. Next quarter, SafeWeb will add an SSL acceleration card, and by the end of 2003, CEO Jon Chun boasts, the appliance will be fully HIPAA-compliant.

Intel Corp.'s big gamble is to persuade ISVs to stop writing code for its chips. The microprocessor giant is evangelizing the need to abstract software development away from the chip itself, says Keith Uebele, principal strategist for Intel's software and solutions group. While at first glance that might seem, well, nutty to the rest of us, it makes sense to Uebele and his bosses. Let's face it, when your market share approaches total world domination, grabbing a bigger piece of the pie you already own isn't the primary objective. Rather, it's more frequent upgrade cycles. But as the wise folks at Intel know, if applications are written to take advantage of specific hardware capabilities, there's no incentive to upgrade. Hence, Uebele and his troops have been pushing for ISVs and big IT shops to write code in Java and, recently, in .Net. Intel promises to optimize its chips so the runtime libraries for those applications will run faster and deliver more features without programmers having to concern themselves with writing hooks for the CPUs. But Uebele acknowledges that the strategy isn't without risks. Chip makers such as Advanced Micro Devices Inc., Transmeta Corp. and even IBM Corp. potentially could play the same game a little better. No wonder Intel brags about its paranoia. That's part of its strategy.

If you're worried about keeping track of a Web site full of product-catalog data, you were probably pleased with the release this week of Cardonet Product Master 5.0, the renamed 4.0 version of eCatalog Automation Platform. But keep your eyes open in the first half of next year, when Santa Clara, Calif.-based Cardonet Inc. unveils tighter integration with print systems, such as Adobe Acrobat, and a broader array of automatically assigning multivalue attributes to products in your online catalog.