For those of you old enough to remember, and if you’re not, you can ask that “crazy” uncle as every family’s got one, back in the 60’s many in the counter-culture liked to propose the question: “What if they gave a war and nobody came?” The apparent purpose of posing this hypothetical was to demonstrate that war was a binary choice, along the lines of: would you rather play Scrabble or Twister? Unfortunately, history continues to demonstrate that war, like youth sports, tends to generate more than its share of participation trophies. Although international conflict proved that it wasn’t the best vehicle for illustrating the potential ramifications of choice, this does not mean that other examples of this all or nothing mode of thought don’t present us with the opportunity to ponder new sets of imponderables. The latest entrant into this metaphysical sweepstakes centers on the Linux Foundations’ newly announced Open Security Controller Project, OSCP for short.
To understand this latest addition to our “life’s great question” series, a little background is in order. The idea behind the concept of providing a standard to catalyze the development of software defined security services is not new. Intel has given the matter a great deal of thought, only to conclude that they didn’t have the oomph to make the concept a reality. Enter the Linux Foundation, an organization that is certainly “oomph worthy”, and Intel offered up its new standards package to them. To date, however, the lack of development activity surrounding this new open source instruction kit has belied the old-adage about building a better mousetrap.
By all appearances, this lack of enthusiasm should be expected to be short-lived due to the potential benefits that this new open standard will bring to our lives. First, it offers DevOps a single pane of glass approach for orchestrating software-defined security services in SDNs. Coupled with that, it will also be vendor-neutral thereby enabling IT teams to choose the SDN and security providers they desire. Who doesn’t like choice? Of course, until we start seeing an increased level of enthusiasm, this new standard is the data center equivalent of the question, “If a tree falls in the woods and there’s no one there to hear it…” An interesting mental exercise, but no one is betting their SDN security on it. So, the issue facing the Linux Foundation is to convince the appropriate companies and developers that the OSCP is a standard that they want to show up to. Not an impossible task, but, since the folks at Intel aren’t exactly a bunch of pikers, it looks like it might be a little more difficult than first thought.
Standards are tricky things. A single organization, or group of organizations, endeavor to make life simpler and better for their compatriots by developing a blueprint and rules explaining how they can develop capabilities that enable them to compete in a marketplace. The upsides can be huge, but they also run the risk of unveiling something that the rest of the industry looks at and gives a big, “Meh”. To put this in a parlance that way too many of us can embrace, it’s the equivalent of the girl of your high school dreams telling you that she, “just wants to be friends”. Using this as a point of reference, the marketplace put Intel into the friend zone, and in response, they passed along their standard information to someone they viewed as more popular and influential with the Linux Foundation playing the role of high school quarterback. In essence, developing a standard that no one shows up for generates a feeling of loneliness that prompts the developer to seek out others who can rectify the situation. Thus, while war seems to be able to draw participants no matter how small the aggressor, standards development is often a function of what makes up the creator rather than what they’ve created.