Adaptive Control: Technology Architecture
April 11th, 2007
Adaptive Control: Champion/Challenger
April 11th, 2007
Open-Source Security Tools Abound
April 11th, 2007
Pointing to two Web sites, Freshmeat.net and Sourceforge.net, as central repositories to find open-source software and information, Luallen told InfoSec attendees about the rich supply of vulnerability scanners, authentication software, penetration testing tools, antispam, intrusion-detection systems and more that exist as open source or freeware.
"The WiKiD Strong Authentication Server is a two-factor authentication server," said Luallen, referencing ones he thought among the most useful. Among other great security tools there for the asking are SpamAssassin, which can identify spam, Splunk for log analysis, NTop for anomaly detection, TrueCrypt for encrypting data at rest, and the penetration-testing tool BackTrack. He said all are examples of useful security tools that companies should consider for securing enterprise networks.
"Technically, the Splunk Log Analysis is not open source but it's freeware," Luallen said. "It can interpret log files from almost any application out there. We have to know what's going on in our environment, whether it's Linux, Windows, switches, routers, whatever you will." He added Splunk has become particularly useful because it can make use of the SANS Institute Top 5 log-analysis scripts.
Luallen said he had a few caveats about using open source and freeware tools in enterprises, however. These open-source tools might be bought or their makers could abandon them. In addition, there's a risk that this easily available software could have a backdoor or malware in it, inserted either deliberately or because a hacker compromised it. "Anything you download off the Internet could have a backdoor or a 'phone home' associated with it," Luallen cautioned. He added some tools are also going to require a...
Salesforce.com Pushes Into Content Management With Acquisition
April 11th, 2007
Will Salesforce.com’s Apex Strategy Succeed?
April 11th, 2007
Salesforce.com’s New Balancing Act
April 11th, 2007
Salesforce.com Chief Executive Marc Benioff unveiled a potential solution at an Apr. 10 press conference in San Francisco, where he will announce the acquisition of startup software maker Koral Technologies and plans for a pair of products that can help companies manage the slew of documents, spreadsheets, PowerPoint presentations, and drawings that underpin their business -- all from within Salesforce.com's existing software.
Later this year, Salesforce.com plans to deliver software based on Koral's technology that can help users find computer files that don't reside in a database, based in part on how much weight other employees assign them, and a programming tool to let companies weave those functions into their daily work flow. Kendall Collins, senior vice-president of product marketing at Salesforce.com, says the company plans to knock on software buyers' doors in departments outside its traditional domains of sales and marketing. The new targets include human resources, finance, and legal divisions. "This is an answer to where Salesforce.com goes next," he says.
Salesforce.com declined to disclose how much it paid for Koral, a nine-person company based in San Mateo, Calif., but said the amount wasn't material. The acquisition closed in late March, Collins says.
Salesforce.com's customer-relationship-management (CRM) software helps sales reps schedule meetings, book orders, and...
Tech Firms Tangled in Web of Ethics
April 11th, 2007
The company behind the popular Grand Theft Auto line of video games is embroiled in a messy accounting scandal. Its CFO resigned Monday. Founder and former CEO Ryan Brant was fined more than $10 million by state and federal agencies for accounting issues. Take-Two recently restated eight years of financial results.
Now, Zelnick, who was hired as part of a shareholder revolt, must repair the company's business -- and its reputation. "We promise that we'll operate with the utmost integrity," he says.
Take-Two is an extreme example of a tech firm putting money ahead of ethics, says Kirk Hanson, a leading business ethics professor at Silicon Valley's Santa Clara University. But it's hardly the only one.
More than 75 tech companies have revealed ethical violations and investigations, or been criticized over the handling of ethical issues, in recent months. It's a public relations nightmare, especially for an industry that portrays itself as innovators making the world a better place. (One of Google's corporate mantras is "Don't Be Evil.")
But investors don't seem bothered by the ethical flaps. Shares of Take-Two have doubled since the company revealed a Securities and Exchange Commission investigation into its finances in July. Dozens of tech companies have revealed similar accounting problems, many without major stock hits.
Shares of Apple are up 35% since the electronics maker said in August that an internal investigation had uncovered "irregularities" in its accounting. Shares of BEA Systems have changed little since it made a similar announcement in August. McAfee, the maker of Norton AntiVirus and other software, has seen its share price jump 26% since it announced the departure of its general counsel because of accounting problems in May.
Investors should...
Microsoft Issues Five Security Updates
April 11th, 2007
Three of the security updates to the Windows operating system were rated critical. Hackers could use the vulnerabilities to install malicious code on a victim's PC. The fourth flaw addresses a vulnerability in Microsoft's Content Management Server software.
Davis Marcus, a security research and communications manager for McAfee Avert Labs, said the Microsoft Content Management Server vulnerability and the Windows Client/Server Runtime Subsystem (CSRSS) vulnerability are of particular concern.
"Both of these can result in remote code execution on affected systems," Marcus explained in a statement. "Combined with the popularity of browser or Web-based attack vectors, these vulnerabilities can be particularly dangerous. Consumers and enterprises should take these vulnerabilities very seriously and employ a risk-based management approach to make sure they are properly protected."
The critical ANI cursor flaw patch, which fixed a problem in the way Windows handled animated cursor files, was added to April's Patch Tuesday mix.
According to Microsoft's security blog, last week's patch caused problems with some third-party applications, including TUGZip, a free file-archiving utility and CD-Tag, a program that turns CDs into digital audio files. But some security researchers believe the ANI issue is far from over.
"While Microsoft fixed the ANI vulnerability last week, a new Vista vulnerability has emerged and was addressed, leading experts to believe that this is the beginning of the weaknesses that we will see this year with Vista and that Microsoft's reuse of code from previous versions of Windows can weaken Microsoft's new Security Development Lifecycle," said Amol Sarwate, manager of the vulnerability research lab at Qualys.
Meanwhile, update MS07-021 addresses the...