As a hard-core Apple fan, I hope it doesn’t make the same mistake this time and make third-party development onerous. I love Apple’s sense of style and innovation. However, I don’t want to be locked into Apple as the sole provider of my
Mac and iPhone/iPod-based experiences.

But — you see what has happened? The iPhone and
iPod Touch are turning into a platform, and people are falling over themselves to get on board.

How does Apple manage to manipulate its developer base so effectively? Why do people put up with it?

Not that it matters how it feels. It just is. The good and bad thing about Apple is that everyone on the developer side is treated equally. Equally poor, yes, but equally all the same. So while Application Developer X may not be happy with the deal, at least she knows that Application Developer Y is also being shafted.

What do I mean? Well, Apple stonewalled against third-party developers on its mobile devices for years, and now has the same developers drooling over the opportunity to give away a third of their
iPhone revenue to Apple (even though they’re inhibited from collaborating with each other by Apple’s NDA).

An Apple spokesperson told The Guardian years ago that it kept the iPod platform closed because “Essentially, it’s a music player. We don’t want to spoil the experience [by opening it up to third parties].” This is the same reasoning that led to Apple’s initial bout with irrelevance decades ago.

commentary

The executives at rival smartphone software companies like RIM, Palm and Microsoft must be standing around with their mouths open: Apple got developers to be happy about giving away more than a third of their revenues?…

Why the furor to embrace this crappy deal? Because there is no other option. Apple’s mobile devices provide such a rich platform opportunity that giving up 30 percent and more of eventual revenues may feel like a deal.

Is [Apple giving its developer community a] great deal? It doesn’t matter; if that desirable date finally agrees to dinner, you don’t care that they leave you to pick up the bill. Who’d have thought you could emotionally manipulate people over an SDK?

“The combined install base of the PS3 and Xbox 360 now sits at 14 million,” Frazier said, “and surely huge hardware numbers will be driven by the release of GTA IV.

“Thirty-five hundred of our stores nationwide did midnight launch events,” Olivera said. “One thing was constant through all of it, that there were lines around buildings and down mall corridors” wherever GameStop’s stores were.

While it’s too early to know exactly how many copies of GTA IV sold Tuesday, the game’s launch day, anecdotal evidence suggests it will likely be one of the most successful launches in the entertainment industry’s history–if not the most.

While we may not know if that’s true until industry analyst firm The NPD Group reports April sales early next month, there’s reason to believe the Halo 3 record will be short-lived.

(Credit:
Rockstar Games)

‘Halo 3′ earned $170 million on its first day of sales. But Take-Two’s ‘GTA IV’ looks poised to break that record and become the single highest-earning entertainment product in history, including movies.

‘Grand Theft Auto IV’ could break the all-time entertainment industry record for first-day sales. That record is currently held by ‘Halo 3,’ which earned $170 million in its first day last September.

Last year, Microsoft took the unusual step of releasing first-day sales figures for its mega-hit Halo 3 because that game set the all-time entertainment industry record for launch day sales, $170 million.

(Credit:
Bungie)

According to Gamespot Trax, Gamespot users did 70,441 searches for “Grand Theft Auto IV” in the 30 days prior to its release, vs. 20,772 for Halo 3 and 10,598 for Guitar Hero III, another one of the best-selling games of all time.

“We are saying that the launch of this game is tracking to be one of the top three best-selling games,” said Chris Olivera, vice president of corporate communications for GameStop, “not of just this year, but the top three games in (our) company’s history.”

On the other hand, suggested NPD analyst Anita Frazier, if GTA IV breaks the Halo 3 record, Take-Two might find a reason to release the game’s first-day sales numbers itself.

Another metric of the intense interest in GTA IV: statistics from Gamespot’s Trax service, which measures site traffic for specific games.

Olivera concurred.

As Lazard Capital Markets analyst Colin Sebastian told me Monday, “The expectations for GTA were already justifiably very high. EA understood that when they made their bid…Every day that passes, they’re (going to be) losing out on GTA revenues, so they’re likely to lower their bid over time…But if GTA massively exceeds their expectations, that could be a scenario where EA might have to raise their bid.”

In the meantime, stay tuned to see if Take-Two issues any press releases about GTA IV Wednesday. If it does, I’m willing to bet that will mean Halo 3’s record will be history.

The latest title in what was already one of the most blockbuster game franchises of all time, GTA IV hit store shelves Tuesday morning with midnight madness events nationwide. The game had sparked controversy, with some politicians and critics calling for retailers to avoid selling it, but that didn’t seem to dissuade consumers.

It appears that Take-Two Interactive, the video game publisher EA has been trying to buy for the last couple of months, has a potentially record-breaking hit on its hands with Grand Theft Auto IV. And EA isn’t pocketing the cash.

So, as Take-Two’s executives are no doubt popping champagne and toasting the massive initial success of their new game, one has to wonder what the thinking is over at EA and whether it will have to modify its $2 billion bid for Take-Two.

“This (game) is definitely drawing people into (GameStop) stores to also pick up hardware,” Olivera said, “both the Xbox 360 and the PS3.”

Partly, that prediction stems from reports that GTA IV publisher Take-Two said it had worldwide preorder demand of 6 million copies of the game–or about $360 million worth at the game’s $60 price tag.

Frazier said that when GTA: San Andreas was released in 2004, there was already an install base of 25 million PlayStation 2s, the only console that game was initially released on. By comparison, GTA IV is coming out earlier in the release cycles of the Xbox 360 and PlayStation 3.

There are also comments, like those expressed to CNET News.com sister site GameSpot by Wedbush Morgan Securities analyst Michael Pachter: “There is no question that GTA will be huge. I think that the game will sell 11 (million) to 13 million copies by calendar year end, with probably 4 million the first week.”

Executives at Electronic Arts have to be kicking themselves right about now.

Yahoo is also testing the use of Google ads on a small percentage of its search pages. This could lead Yahoo to outsource its core ad search business to Google. As you might recall, Google and AOL have a connection. Google invested $1 billion in AOL in 2005 for a 5 percent stake, and it powers AOL search.

If Yahoo can logically show that it gets a 30 percent to 40 percent revenue lift on the test, then they have a story to tell–that, if combined with AOL, they have enough scale, cut down costs by outsourcing search and search ads to Google, and add to that a possible share buyback with Time Warner supplying the extra cash, the combination has earned the right to stay independent.

In some ways, Yahoo could be a loser as well, in that Microsoft would technically and financially be a stronger mate than AOL, especially in battling Google over the long-term.

Yahoo and AOL are reportedly in deep talks to join forces. Also note that the Time Warner unit recently acquired the social-networking site Bebo.

I never thought that Microsoft’s unsolicited bid for Yahoo could get so interesting. It’s taking on Shakespearian dimensions, with various factions lobbying, forming alliances, and establishing dowries for Yahoo’s favor. In addition, News Corp. may be lending aid to Microsoft in its quest to acquire Yahoo.

Rafat Ali of PaidContent said AOL and Google working together could help Yahoo stay independent:

We may find out soon whether AOL is really an alternative to Microsoft for Yahoo, and salvation for Time Warner, and whether Rupert Murdoch wants to get in bed with Microsoft. What we know, at this point, is that Jerry Yang is not saying, “Alas, poor Yorick.”

At the same time, The New York Times is reporting that News Corp. (and its MySpace.com) may be considering throwing in with Microsoft to help acquire Yahoo.

Under the terms being discussed between Yahoo and Time Warner, the latter would fold its AOL unit into Yahoo and make a cash investment in return for about 20 percent of the combined entity, people familiar with the situation said.

Over the weekend, Steve Ballmer gave Jerry Yang three weeks to capitulate, or Microsoft would take its case directly to Yahoo shareholders. Today, 69 days into the negotiations and posturing, with Microsoft seemingly in the driver’s seat, prognosticators are scratching their heads.

The deal, which wouldn’t include AOL’s dial-up access business, would value AOL at about $10 billion. As part of the deal, Yahoo would use the Time Warner cash and additional funds to buy back several billion dollars worth of its own stock at a price somewhere in the middle of the range, between $30 and $40 a share, the people said.

(Credit:
comScore)

The question for Yahoo shareholders will be which deal is best. AOL needs to find a home, and the combined AOL-Yahoo user base would be large. Getting leverage from the two audiences presents similar problems and overlapping to that of an MSN-Yahoo combination.

Google would benefit by the Microsoft block, its AOL relationship, and potentially a partnership with Yahoo, which would mean that Google is the big winner. Microsoft would be the big loser, if it doesn’t succeed in acquiring Yahoo. Of course, the antitrust regulators might have a say in the matter.

Given all the recent activity, Yahoo’s fate is less clear than when Microsoft was the only option. Perhaps, Yahoo has created an elaborate illusion to convince Microsoft to increase its bid.

The consortium, which launched in September with Google, Apple, Sun Microsystems and a collection of universities, noted Microsoft is coming aboard as a founding sponsor.

Kerberos aims to offer consumers the same single sign-on authentication and authorization system that corporate America has been using to allow employees to access network services with one log-on. Kerberos is an offshoot of MIT’s Project Athena, which was developed back in the 1980s.

Microsoft uses the Kerberos network authentication protocol in such products as its Windows 2000, Windows XP, Windows Server 2003,
Windows Vista, and Windows Server 2008. And Kerberos also serves as the main authentication tool in Microsoft’s Active Directory.

“Microsoft joining the Kerberos Consortium is significant,” Stephen Buckley, consortium executive director, said in a statement. “They represent a vast number of users of Kerberos. It is an important step forward towards our common ambition to create a universal authentication platform for the world’s computer networks.”

What’s next? Given its past troubles with its passport authentication efforts, is the next stop for Microsoft the Liberty Alliance Project?

Tech investor Larry Augustin does a good job of parsing the differences between building an open-source business in Europe and building one in the United States, suggesting that Europe is the better place to be to build an open-source business.

Fabrizio Capobianco, CEO of Funambol and an example of an open source-savvy European living in the United States, counters that while the European model of open-source adoption is good for the soul, the crass capitalism of American open source is better for business.

Personally, as an American working for a United Kingdom-based open-source company, I think they’re both right. However, when it comes to cash, I much prefer the United States, with its emphasis on paid adoption of open source, to Europe, with its emphasis on (mostly) unpaid adoption of open source.

As I’ve noted in the past, however, this does not mean that companies should neglect Europe in promoting their open-source products. At Alfresco, up to 50 percent of our sales come from Europe in some quarters (though not most, as I don’t like to lose or tie .

If, for no other reason than to hedge economic risk, it’s important to build a strong European base of commercial open-source adoption, something that Hyperic, JasperSoft, and other open-source vendors have been demonstrating lately.

By the way, both Larry and Fabrizio missed one of the biggest differences between open-source adoption in Europe and the United States: legal wrangling. In the States, intellectual-property indemnification is the biggest issue that a software company (proprietary or open-source) will negotiate with prospects. In Europe? They mostly want to make sure that the code will remain open, but generally speaking, contract negotiations are much, much easier than in the States.

It’s the one thing that makes paid adoption of open source a bit of a drag in the States, at least for me, since I negotiate Alfresco’s contracts stateside.

The group formation phase

Step 1: Use Tweetworks If you’re tired of waiting for Twitter to add group support, use a site called Tweetworks. It allows you to create or join groups. It only took about 10 seconds for me to set one up. Just put in the name and description of the group and you’re all set. It’s the simplest way to create a group and get it off the ground.

Tweetworks is a great way to start your group.

(Credit:
Don Reisinger/CNET Networks)

Step 2: Promote your group on Twitter It seems counter-intuitive to create a group on another service and promote it on Twitter, but that’s precisely what you need to do, since you’re trying to get all your like-minded friends together. Tweetworks offers an automatic tweet that allows you to input a few characters followed by a link inviting friends to join the group. But unfortunately, it’s not very informative. Do it yourself.

Step 3: Get informative And that brings us to the next point. Because Tweetworks doesn’t make its tweets informative, you’ll need to do the legwork yourself. Put your group and its topic area into your own tweets on Twitter and place it in your e-mail. I’ve found that simply putting “Join my tech-focused Tweetworks group” followed by a link in an e-mail is a good way to get people to join. And since you’re appealing to the Twittersphere, make sure all your tweets make it clear what your vision for your group is. For example, if you’re forming a New York Yankees group, updating your stream with a message like, “Join my NY Yankees Twitter group on Tweetworks” followed by a link to the page should do the trick.

Step 4: Make sure the group is active What good is a group if it’s not active? If people come back to your group every day to find out what’s being said and see what kind of links are being shared, they’re more likely to tell their own followers about it.

Step 5: Join other groups If you really want to grow your own Twitter group, you’ll need to join others. See, most of the people who actually want to join groups are doing it already. So the best way to promote your own group and add members is to engage those people on Tweetworks. I joined four or five groups over the weekend. After talking with other members and coming to the realization that we had similar interests, I asked them to join my own group that I created earlier in the day. By Sunday night, my small Tweetworks private group of 3 had ballooned to 25 members.

The maturation phase

Step 6: Move your group to Ning If you’ve grown a large Twitter group, it’s time you break out of Tweetworks and create a full-featured group that appeals more to your members. If you’ve never used it, Ning is a service that allows you to create a hosted social network, complete with blogs, videos, photos, events, and other features that you simply won’t have available to you in Tweetworks–for free. Even better, it’s just as simple to set up as Tweetworks and in a matter of minutes you can modify its design, add modules, and secure a unique URL. It’s the best tool available to shoulder the desires of a large Twitter group, thanks to its customizability.

Step 7: Get back to marketing and tweeting Now that you’ve relaunched your Twitter group on Ning, you’ll need to start marketing it and tweeting about it again. Since Ning offers so many more opportunities for your group to communicate and connect, you’ll need to market the new features. Once again, get in touch with your Twitter followers and tell them about your new and improved group and be sure to make it clear in any outgoing e-mail that your Twitter group has become a full-featured social network. Knowing video and photos have been added to a niche group makes it even more compelling for potential group members.

Step 8: Capitalize on Ning’s power Now that you have a more powerful group and more users are signing up each day, make sure you and your group members use the site’s new features. What good is a blog, video, or photos section if you’re not using them? I’ve found that Ning social networks are best when users are actively using all the features. And since much of the content will probably be tailored towards the group’s interests, users should find the photos and videos compelling.

Step 9: Don’t stop tweeting Although it might be tempting, you can’t spend all your time in your group. Twitter is designed to be a community for everyone to share ideas and if you’re not an active part of that community, your group won’t grow nearly as quickly as you might like. You can’t lose sight of the fact that without Twitter, you wouldn’t have a group. Staying active on Twitter can keep any online group growing.

Step 10: Have fun Until groups make their way to Twitter, you’ll need to find a way to connect with followers and discuss topics that you really care about. There’s no better way to do that than with the help of Ning and Tweetworks. And once you get some users into your group and start messaging back and forth about common interests, you’ll see why harnessing those tools’ power to form your own group was worth it.

Also, on the quad-core front, AMD said Wednesday that Dell is offering five server platforms based on the AMD “Barcelona” Opteron processor.

Gateway model GT5670 with Phenom X3 is priced at $549

(Credit:
Best Buy)

The AMD Phenom X3 8400 (2.1GHz) and 8600 (2.3GHz) are the first mainstream x86 processors to use three cores. “The value proposition is simple. Three cores versus two cores. You make the choice,” Pat Moorhead, VP of Advanced Marketing at AMD, said in a recent interview.

The Gateway model GT5670 packs an X3 8400 processor (2.1GHz) with 2MB of L3 cache memory, 3GB (PC2-5300 DDR2) of main memory, an Nvidia GeForce 6150 SE graphics card, and a 320GB Serial ATA II hard disk drive with 8MB cache (7200 rpm). This configuration goes for $549 at Best Buy.

The HP Pavilion a6430f is eerily similar. It also comes with an X3 8400 Phenom, 3GB PC2-5300 DDR2 memory, and Nvidia GeForce 6150 SE graphics. However, instead of a 320GB hard disk drive, it doubles the capacity with a 640GB drive. This system is priced at $679. HP also offers the Pavilion a6450z series on its Web site with the X3.

The eMachines J4509 is being sold in Japan and features an X3 8400 and AMD 780G integrated graphics. With a 19-inch LCD display, it retails in Japan for just under $1,000.

The initial Phenom X3 processors will ship as the B2 “stepping” or version. The follow-on versions in the channel will be the B3, said Moorhead. The B3 version fixes the TLB bug, which AMD has said all along is an extremely rare occurrence and affects virtually no one except, possibly, very high-end customers. Any chips designated with a “50″ suffix will be a processor that implements the fix in silicon.

AMD also recently announced the availability of four new Phenom X4 processors with the TLB bug fix. Led by the AMD Phenom 2.5GHz X4 9850 Black Edition processor (which is designed to be overclocked) and 2.4GHZ 9750, these CPUs will be matched with the AMD 790 series chipsets. The quad-core Phenoms are targeted at higher-end gaming segments.

In related news, AMD announced Wednesday that Dell servers using the quad-core AMD “Barcelona” Opteron processor include the PowerEdge SC1435, 2970, M605 blade server and 6950 platforms, as well as the new PowerEdge T605 tower server. Dell follows HP which already lists its ProLiant G5 servers with quad-core Opteron processors.

The following product is available:

On Sale Now: $522.99
View the latest prices for HP Pavilion a6430f (Phenom X3 8400 2.1GHz, 3GB RAM, 320GB HDD, Vista Home Premium)

The new application called MyMoneyManager will provide online banking access to accounts with BB&T, Citibank, IBC Bank and PNC Bank. Subscribers with accounts at these banks will be able to check balances, pay bills, and find nearby branches with ATMs using the application on their phone. Sprint subscribers must have a Web-enabled phone and a wireless data plan to access the service.

The MyMoneyManager application is available at no additional charge to Sprint data subscribers. In the future, Sprint plans to preload MyMoneyManager on phones. It will also include additional banks and other financial service providers.

The application also comes with a special Send Money feature from PayPal. This feature allows mobile users to check their PayPal account balance and send money to other PayPal users.

Visa also announced several mobile initiatives Thursday. The credit card processing giant said it will allow its credit card customers to transfer money, make payments, and receive real-time account notification alerts on their Nokia phones and cell phones using the
Google Android operating system. T-Mobile USA announced the first Android-based phone, the G1, earlier this week. Visa also struck a mobile deal with U.S. Bank, allowing individuals to make money transfers from one Visa cardholder’s account to another.

The mobile banking and bill paying market is set to explode over the next several years, according to Celent, a Boston-based financial research and consulting firm. For more on that story, check out CNET News on Friday for a more in-depth feature on mobile banking and bill paying.

The software visionaries at the Mozilla Corporation, which makes the popular
Firefox web browser, have taken the approach that creativity and functionality is king–even if security has to take a backseat. Case in point: The widely praised “Ubiquity” software add-on, which brings an amazingly rich and extensible new form of interaction to the Firefox Web browser.

The technology press has showered praise upon the developers of this software tool. However, in prioritizing functionality over security, Mozilla Labs punted complex trust choices to end users–the vast majority of whom are ill-equipped to make such decisions. The end result is that the hundreds of thousands of users of Ubiquity face a significant risk of browser hijacking by attackers, which could result in the theft of e-mail and online banking account information.

Mozilla's Ubiquity in Action

The Ubiquity add-on brings a new form of command-driven interaction to the Firefox Web browser. Using the tool, a user can perform actions based on the contents of a page–such as translating the foreign text on a page into English, or generating a Google map of a highlighted address. While this is certainly cool, it is the extreme extendability of Ubiquity that makes it a truly compelling tool.

One of the main design goals for Ubiquity was that it should be extremely easy for users to be able to create their own commands, which they could then share with others. As a result, a useful command can be whipped together in a couple lines of JavaScript–for example, allowing a user to send a Twitter message from within the browser. Aza Raskin, the head of User Experience at Mozilla Labs summed up the goals of Ubiquity in a blog post introducing the tool:

The fundamental problem is that extending the browser, and hence the Web, is too difficult. The closer new browser functionality can be packaged to look like standard HTML and (Javascript), the larger and more diverse a community will create it. The desktop paradigm for extension development, while powerful, has a high cost of adoption. Right now we have a short tail of browser functionality with thousands of add-ons. There should be millions. We can get to that long tail using a more Web-like model for functionality development–tools that are accessible to hobbyists and tinkerers, but that scales to professionals.

Mozilla Labs was hugely successful, and within a week of the first public beta release of Ubiquity, over 100,000 users downloaded and installed the tool. Even more telling, is the number of commands that have been created and shared by users. The Ubiquity Wiki lists 300-plus different commands, while Mozilla’s Raskin wrote in his blog that “thousands of commands (have been) written for Ubiquity” and that “in under a week, we have a roughly comparable number of Ubiquity commands as there are Firefox extensions.”

Mozilla does not release stats on the number of downloads, but given the rapid adoption of the browser add-on, it is quite reasonable to assume that by now it has been installed by at least 250,000 users, if not far more.

The Ubiquity command installation screen

No security, no problem

The success of Ubiquity has come at a high cost–the Mozilla Labs team completely punted on the issue of security, and made users responsible for judging the safety of downloadable Javascript, something that few of the hundreds of thousands of its users are likely able to do.

When a user wishes to install one of the thousands of publicly available Ubiquity commands, they are first taken to bright red warning screen. The user is clearly told the risks that they face should they accidentally install a malicious command, and then they are given the opportunity to read through the command’s JavaScript source code in order to see if it is good or evil.

The vast majority of the users on the Web are not able to read JavaScript. Even those skilled users that know enough to throw together a Ubiquity command or two are unlikely to be able to properly assess the security of someone else’s code. This point can be clearly driven home by looking at the success of the Underhanded C Programming Contest, in which users submit code that “looks” clean and safe, but which actually performs evil actions.

Furthermore, while Mozilla has been surprisingly frank with users about the risks they face when installing commands, this approach of education and disclaimers is simply not enough. It is totally unreasonable to offer a shiny, awesome and powerful new tool to the Internet at large if clicking on a wrong link could result in a user suffering identity theft or worse. Bruce Schneier has often said that humans are really bad at judging risk, and so of course, the vast majority of Ubiquity’s users are going to install foreign and unknown commands, simply because they offer awesome functionality.

Security Warnings in Ubiquity

In addition to the general problems of untrusted JavaScript, Ubiquity also suffers from significant security issues due to the ability to auto-update commands. By checking a box, a user can permit the browser to automatically upgrade commands whenever the author releases a new version. This option creates two major issues.

First, a developer could release a legitimately useful command, wait until thousands of users have subscribed to it, and then send out a malicious update to those users that have enabled auto-updates. Since users only get to see the JavaScript at the time of first install, they face significant risks from future malicious updates.

Second, command updates are currently served via non-encrypted HTTP connections, and the Ubiquity infrastructure lacks the code-signing functionality that is provided to Mozilla add-ons. This creates a significant potential for man-in-the-middle attacks against the Ubiquity update process, particularly when users are connected to the Internet via a public wireless network. Last year, I revealed that a number of toolbars for the Firefox 2.0 browser were vulnerable to this same type of attack. This flaw was eventually fixed by moving the distribution of commercial browser-addon updates to SSL-encrypted servers.

The Mozilla Labs team has recognized these risks, and has plans to fix them at some point in the future. However, for now, users of Ubquity remain vulnerable to attackers, particularly those who have opted to allow automatic updates of commands.

In releasing Ubiquity, the Mozilla team also created a Web site it calls the Herd, which enables users to opt-in to reporting which commands they have installed. Thus, one assumes, if 20,000 other users have installed a command, it is probably safer than one that five other people are using. While better than nothing, Herd is still very new, and due to the pro-privacy opt-in model chosen for data reporting, it only captures a small slice of the Ubiquity user base.

When asked to comment on some of the security issues, Aza Raskin issued the following statement regarding security issues in Ubiquity:

Mozilla Labs is a shared space for exploration for future user experiences on the open Web. It’s a place where we, as a part of larger community, can experiment and iterate on new ways of interacting with the Web, having the Web fundamentally enhance the browsing experience. It’s also a place where we can safely explore new security and trust models among a technically savvy group, before bringing them to a wider audience.

The Herd is one way of trying to involve the community as a corner-stone of solving the security problem. It’s still in its infancy. We are working towards creating an open API so that everyone can pitch in to create a safe place for everyday users to get commands. Just like Ubiquity UI not being right yet, neither is the Herd.

Eventually, I expect there to be hybrid models. Mozilla, and other trusted sources (think folks like Bruce Schneier), will vet core and recommended commands. The Herd, enhanced by numerous metrics of “browser health,” will constantly be watching for bad actors. Clearly, we don’t expect end users to need to read code–and we do plan on adding manifests of some form to sandbox certain types of commands. Right now, however, the emphasis is on empowering verb authors to be generative.

Raskin did not answer specific questions posed by this blogger, and neither he nor Dan Veditz, Mozilla’s security lead, would confirm if the Ubiquity code base was audited by members of Mozilla’s security team before being released to hundreds of thousands of users. I’d be willing to bet a few beers that it hasn’t.

There is of course a legitimate reason to release beta software, even when it has known security flaws. Were Ubiquity available only to those Web programmers proficient in JavaScript, this wouldn’t be an issue. However, when hundreds of thousands of people are using your product, you can no longer reasonably hide behind the claim of “beta.”

On Wednesday, HBGary announced that Andy Purdy has joined their advisory board.

Purdy, while a member of the White House, co-drafted the 2003 edition of the National Strategy to Secure Cyberspace, then joined the Department of Homeland Security. There, he served on the tiger team that helped to form the National Cyber Security Division (NCSD) and the U.S. Computer Emergency Readiness Team (US-CERT). He went to head both organizations and was dubbed by the media as the “cyberczar” of the United States until DHS appointed Greg Garcia as assistant secretary for cybersecurity and communications.

In 2006, Purdy oversaw the first large-scale mock cyberattack, code-named Cyber Storm. A second mock attack, under Garcia, was held earlier this year.

In August, HBGary has announced a partnership with McAfee to provide forensic tools for its enterprise offerings. HBGary specializes in monitoring information systems for external and internal threats.