For the last several months Microsoft has been pushing for their Office Open XML (OOXML) office suite file specification to be accepted as an international standard by ISO, presumably to help them gain traction for future government contracts (look, this file specification is an ISO standard, it must be good).
As far as ISO/IEC DIS 29500 is concerned, it continues its steady progress towards standardship, however it seems that Microsoft's push towards this goal hasn't been without its bodycount. While the ISO site lists 29500 as a deleted standard, complementary reporting shows the process is still ongoing and OOXML will soon become ISO/IEC IS 29500.
In an ideal world, standards bodies would be incorruptible and lead to the publication and adoption of consistent standards across the user communities. Anyone who has followed the OOXML progress through ISO would think otherwise. The ongoing stoush regarding Microsoft's effort to get the ODF-killer that has yet to be properly implemented through the standards body has claimed some high profile casualties, with the national Standards body of Norway effectively self-destructing after 13 of 23 members of the technical committee resigned in disgust.
ODF itself may be on shaky legs, with reports that the ISO/IEC committee responsible for overseeing OOXML (SC 34) is pushing to have control over ODF (ISO/IEC 26300), as well. With Microsoft controlling a large percentage of SC 34, many of the same people who objected to OOXML's move towards a standard have begun to sit up and take notice of this latest move.
The big fear amongst these people is that if SC 34 is able to take control over ODF from OASIS (the body currently responsible for ODF), then Microsoft might try to leverage its voting bloc on SC 34 to neuter the competing specification.
Even if both formats are accepted as standards, there will be plenty of material available for security researchers to dig through. Reading through ISO/ECMA standards, or even RFCs, might not be fun for everyone, but there is an important security aspect to having well documented standards.
In the first case, documented standards will highlight design flaws. It could take years for design flaws to make themselves apparent , or at least widely publicised.
In the second case, documentation serves as a reference point that can be used to find weaknesses or deviation in individual implementations. Once the major design flaws have been rectified, this is the aspect that will provide the greatest number of opportunities to uncover security weaknesses or other shortcomings.
So, even if international standards bodies have been shown to be vulnerable to external pressure and can be gamed much like any other corporate body can, the products that they produce will still have relevance to developers, end users, and security researchers alike.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Taking On Demand CRM Integration to the Next Level
Know thy self: Reduce costs, secure data and ensure compliance with identity management
Delivering the Power of Choice with Microsoft Dynamics CRM
CRM your salespeople will love
Refresh your AUP: Top tips to ensure your acceptable use policy is fit for purpose
Enterprise Wireless WLAN Security
Business Intelligence and Enterprise Performance Management: Trends for Emerging Businesses
Mimosa™ NearPoint™ for Microsoft® Exchange Server: Email Archiving 101
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Vignette Announces 2008 Excellence Awards 2008-11-21 10:50:00+11
PGP and Ponemon Institute Unveil Inaugural Australian Data Breach Study 2008 2008-11-20 17:34:00+11
Symantec Cloud Services Transform Data Centre Operations Through Proactive Management 2008-11-20 12:06:00+11
Verizon Business Offers Tips to Building a Successful Unified Communications and Collaboration Plan 2008-11-20 12:04:00+11
AARNet Brings 4K Digital Cinema to Australia: First 4K HD Video Signal delivered into Australia by AARNet 2008-11-20 12:02:00+11
Everything you need to know about email and web security (but were afraid to ask)
What you don’t know can destroy your business. It’s hard to imagine modern business without the internet but in the last few years it has become fraught with danger. Read on to discover how internet security can give your business a competitive advantage.
Buying Guides
Latest Products
Buying Guides
