Sorry for the long hiatus from the blog pages. We have a series of press releases rolling out in the next several weeks (off of the one we posted about our 3.0 solution release this week). Hopefully I can point to the work in those releases as my excuse for not blogging on important IT transitional issues over the last several weeks. 
But I have actually done a comment or two. Check out these threads on the Gartner site. I think you’ll find them of interest:
Leave a Comment » | 
General, Security, Trusted Ecosystem | 
Permalink
Posted by wyatt
Well, well, well… look at this. Microsoft is unfurling more and more layers of its next-gen computing and software strategy – especially with regards to virtualization.
(Ok, a required disclosure: We are currently under NDA with Microsoft and have some confidential knowledge around certain roadmap and product plans, but NOTHING in this blog post is based on any inside knowledge derived from, or in any way based on, those confidential discussions).
See:
The reason I wanted to blog on this is in relationship to the IT in Transition theme is that, as I have written in several blogs, the entire landscape of the endpoint is changing. A lot of people see this, so this view is in no way unique or revolutionary to us.
A couple of posts ago I blogged on the coming Endpoint Wars of 2009. In order to make that post digestible, I intentionally left a detailed and deep discussion about the impact of virtualization and hypervisors out of that post.
Let me add a bit of my color (and opinion) here:
Quoting from David Marshall’s article:
So what’s new and different? Didn’t they already release Hyper-V? This platform is slightly different from the version found in Microsoft’s Windows Server 2008 operating system. According to Microsoft, it provides a simplified, reliable, and optimized virtualization solution for customers to consolidate Windows or Linux workloads on a single physical server or to run client operating systems and applications in server based virtual machines running in the datacenter. And it allows customers to leverage their existing tools, processes and skills. But perhaps best of all, Microsoft is making this product a no-cost Web download — yup, it’s free!
Yup, it’s free.
Also from the article:
The provisioning and management tools are based on Microsoft System Center, providing centralized, enterprise-class management of both physical and virtual resources.
And the management mechanisms and tools are “above platform” as we’d expect, with Microsoft System Center being adapted as the management framework, as we’d expect.
So the Hypervisor (HV) wars are in full force now as well. Obviously this is just the leading edge of the one of the fronts of the Endpoint Wars.
Seems like the three major battlegrounds are VMWare, Citrix and now Microsoft. If highly capable hypervisors are going to be “loss leader” in any go-forward virtualization platform strategy, then where will the value and revenue shift to as the traditional demarcations are realigned?
Our guess is that more of the instrumentation will be subsumed into the platforms (as we have stated for quite some time) including into the HV. This obviously will force more of the method “above platform” including image management and enforcement. And where does traditional infosec (AV, IDS, etc) move in this new world?
Think services.
And these services will go well beyond software streaming, and likely include image management and high-assurance software and full software stack delivery methods.
And platform intrinsic security and compliance “instrumentation”, supported by above platform validation and attestation methods, will likely become commonplace.
Food for thought.
Wyatt.
4 Comments | 
General, Security, Virtualization | 
Permalink
Posted by wyatt
Over the last couple of months our friends at Symantec have readied and released Norton 2009. We hope that the engineering team is taking a long rest after the significant effort to bring this new offering to the market!
Norton 2009 is touting the use of “whitelists” as a part of the offering. See:
http://keznews.com/4878_Norton_2009_tackles_whitelisting
From the article:
Symantec has adopted whitelising techniques in an effort to dramatically improve the performance of its upcoming Norton 2009 security suite, according to the company’s vice president of consumer engineering, Rowan Trollope.
Trollope admitted that poor performance was the main reason Norton Internet Security customers abandoned previous versions of the product. In the next version, he explained, a “whitelisting approach” significantly reduced the amount of time scanning files that are known to be safe.
It is very interesting to see another use case and value definition for whitelisting. Not that we agree, mind you. It is just interesting.
All of the AV vendors are seeking ways to deal with “Blacklist bloat and overhead”. The use of “smart whitelisting” in an AV product is an interesting way to address this need. Essentially what the Symantec team realized is that there is no need to constantly scan and rescan good code. Bravo.
But what they missed is that this is not the real and valuable use case for code whitelisting in the longer term.
As discussed before in this blog, whitelisting is not a direct replacement for blacklisting. Blacklisting, in its pure form, is about discovery and hopefully the blocking/immunization of “malicious code” – code intentionally built and distributed to damage compute platforms and increasingly used to steal private information.
Whitelisting, in its pure form (admittedly by our definition) is about making sure that the “good and desired code set” remains in a good and desired integrity and configuration state over the entire usage life cycle of the software stack (physical or virtual).
In order to make this work in practice, one needs to redefine the architecture of computer security and systems management from end-to-end. Simply tacking whitelist onto an existing blacklist solution does not yield the real benefits that can be achieved with true whitelisting.
The test of true whitelisting is really driven by more fundamental benefits like improved computer stability, security and compliance – leading to higher availability (increased MTTF and reduced MTTR). Importantly these benefits should be delivered with LOWER operational costs than we have now. This means that we need to lower the people costs associated with delivering computer availability and capacity. This means we need to increase our visibility to ALL of the risks to computer stability, including malicious code. This also means that we need to instrument and automate IT best practices.
Positive IT Controls are the answer. We are making steady progress in “flipping the model” from blacklist to whitelist – but don’t be fooled. Norton 2009 is not really a “whitelist solution”. Real whitelist solutions will be very common as a true and vendor agnostic, high-provenance whitelist eco-system evolves. And as the endpoint wars begin to settle down in 2009.
Keep your eyes on these pages for more on this.
Wyatt.
4 Comments | 
General | 
Permalink
Posted by wyatt
Ok, let’s face it. Our customers don’t want “yet another” endpoint agent to perform some function that could and should have been done “out of the box” by the hardware or software platform.
(Our definition of an Endpoint: Any computing device that runs code including servers, workstations, desktops, laptops and even PDA’s and other smart handheld devices)
The reasons are clear:
Any new software included in a production build of the enterprise software stack adds complexity, increases risk, and adds cost.
Often the value of the agent/client (tacked on to the dozen on more agents included in the stack already)is offset by the testing costs to make sure that the new agent/client doesn’t negatively impact the (often delicate) stability of the stack itself.
These risks are particularly acute with many IT security and systems management agents, as these agents often seek to “hook the kernel” in order to detect and/or block events and actions that are not easy to see without deep connections into the platform and/or operating system.
We are asking customers to stack risk on top of risk at a time where the value of the traditional agents/clients is increasingly marginal to the functionality, security, or uptime of the IT device.
So what happens next you ask? Well get ready for the endpoint wars of 2009.
A few things are increasingly clear:
Nothing “new” gets into the low-stack of our customers production software gold images unless its adds significant value.
This likely means that “yet another virus detection tool” doesn’t stand much of a chance for inclusion. Methods that add proactive and positive control and/or flexible application control will likely make the cut for certain customers against important emerging uses cases. In cases where the positive image management and whitelist-feeds are delivered through existing 3rd party agent framework, these agents MUST be repurposed to support the new use cases for positive image control and whitelist.
As mentioned before, whitelist and blacklist methods are not, and never will be “pin for pin” replacements for each other. While certain aspects are complimentary, high-resolution image management based on whitelists provide significant new leverage for customers in terms of IT reliability, stability, compliance – leading to greatly enhanced system availability and reduced TCO.
We see these new “whitelist methods” as holistic solutions involving software image management and control, likely fed by very high-quality “whitelist” software measurements (hashes). The methods are intended to enforce some simple, but important (and largely new use case) policies:
We also see more and more of the agent functionality being subsumed into the platform, both into the hardware and the software. This would indicate that the low-stack suppliers must take a more proactive role to protect and enhance their brands.
Clearly these are the chip guys, the OEM and retail platform providers, as well as the operating system (OS) and business application software providers.
Now here’s at least one of the wild cards: What happens as we move more to virtualized platforms? These are low-stack players also. Shouldn’t hypervisors and virtual machine (VM) software management tools play a role in how the stack is built, secured and maintained?
Of course they should. Now is the time to make sure we don’t make the same mistakes again.
So we are heading for a real battle. There is not enough room in the platforms for all of the vendors that want THEIR agent to be top dog. There are way too many people vectoring for way too little real estate. Also, the key real estate is really controlled by the low-stack vendors first, and by our customers second.
So place your bets quickly people. The endpoint wars of 2009 have already begun. In fact they are in full bloom. The vendor collisions will clearly occur in 2009, and then it will likely take another year or so for the dust to settle.
At this stage we can’t stop the resulting impact and resulting collateral damage – the market forces are already in play.
If we (as vendors) haven’t moved to a safe and defensible position to add customer value by now, it is likely too late.
Wyatt.
I mentioned there were two notable items (from our very objective perspective) at Blackhat/DefCon.
I wrote on one already. Here is the other based on this blog from the Symantec website:
https://forums.symantec.com/syment/blog/article?blog.id=emerging&message.id=109#M109
On the opening day of BlackHat 2008, Symantec commissioned an anonymous survey among the attendees to learn about contemporary views on security related topics, such as vulnerability research, future threats and trends, and what types of challenges we as security professionals will collectively face in the coming year.
Whitelisting:
Almost a third (34%) of respondents said that they implemented some form of whitelisting within their organization (39% said no, and 26% actually didn’t know!). Note that whitelisting may not necessarily apply to all systems, but could be restricted to specific machines. For example, most respondents look to whitelisting to protect more “static” high-availability machines like servers (40%), gateways (31%), and desktops (32%) rather than more dynamic environments like laptops (26%) and wireless devices (29%). Symantec has been stressing for quite some time that we are on the cusp of a critical inflection point where the number of unique malicious code instances is surpassing the number of legitimate code instances. This trend necessitates considering a new approach to providing security; namely, rather than blocking out the bad, we should consider just allowing in the good. Naturally there are a host of challenges in this area, but given our tremendous reach and deep insight, we believe that there are some highly promising approaches to facilitating whitelisting – and this area is one that I’m personally both very excited about and also actively involved with.
As indicated SYMC did an anonymous survey querying on the subject of whitelist. While that in itself is not a surprise, the results were interesting.
Besides what we would consider a pretty high “yes” rate to the question of “Have you deployed some form of whitelisting” (34% said yes), the underlying comments reveal a pretty sophisticated view of the initial and important use cases for whitelisting.
Now, one assumes that the people surveyed are most likely enterprise (commercial and government) users, but it is very interesting to note the pretty even distribution of end target platform use for whitelist (40% server/31% gateway/32% desktop) with the inference that these are the more “static” devices.
This is interesting (and does check with our field experience BTW) in that we would guess the delineation is being made on what the enterprise users deem as the “managed devices”.
So what is “managed device”? In our view in is an IT element and has some form of best practice controls in play all the way from software stack development, QA, user acceptance tests (UAT) and deployment. Generally a managed device would (ideally) have one “point of management” for updates and maintenance. Laptops and other devices in many organizations lack these important software release/management best practices.
One also might assume that the whitelist method being applied to these managed devices have something to do with IT process enforcement and compliance, likely driven by ITIL, PCI or some other best practice and/or regulation.
Given the relatively high “yes” to whitelist answer (in that whitelist enabled methods are still somewhat nascent) one might further guess that technologies in use might be a combination of “home grown” , first-generation, well known open-source and commercial methods like Tripwire (good for you Tripwire!).
It seems to us that as understanding and acceptance of these methods increases, the use cases and the respective appreciation for the value-add of IT controls based on image management, enabled by whitelist, will only improve (after all we have a contribution margin of new yes’s of 65% (the no’s and don’t knows).
This represents a great opportunity for the suppliers to explore, better understand, and deliver next-gen methods for enhance positive IT controls! (at least that is what WE are doing)
In our view this survey reveals some very important data points. We can blog on the virtues of new “whitelist” methods until the cows come home, but the only important questions at the end of the day are:
“Are customers ready for these new methods?” (and the answer appears to indicate YES) and;
“What are they willing to pay” (and the answer is TBD based on use case and value delivered) and;
“Who will be the de facto standard vendor(s)?” (great question….!)
Anyway, thanks for the survey Symantec welcome (again) to the discussion!
Wyatt.
Leave a Comment » | General, Trusted Ecosystem | Permalink
Posted by wyatt
Some of you may have attended the recent BlackHat/DefCon events in Las Vegas earlier this month. Of the notable events and mentions, two in particular I thought might be of interest.
One of these events is reported in the article linked below:
http://dmnnewswire.digitalmedianet.com/articles/viewarticle.jsp?id=483836
with the headline:
CoreTrace’s Application Whitelisting Solution Stops 100 Percent of Computer Viruses During DEFCON 16 “Race-to-Zero” Competition
The key paragraph is:
“After the blacklist-focused contest was completed, we ran the samples through CoreTrace’s whitelisting solution, BOUNCER,” said “Race-to-Zero” organizer, Simon Howard. “By not allowing any of the samples to execute on the host computer, BOUNCER stopped 100 percent of the viruses. I strongly recommend that companies add application whitelisting solutions like BOUNCER to their arsenal.”
Congrats to our friends at CoreTrace! It’s no surprise to us that “positive” code identification and application “allowance” is more effective than bad code detection and blocking alone.
Both blacklist and whitelist methods have a common thread:
This means that the measurement method is a means to an end, with the desired end being to create and invoke effective policies that are predictable and reliable. BOTH blacklist and whitelist are measurement methods. The difference (and the reason that CoreTrace prevailed in the Race-to-Zero) is that their method is FINITE. They ONLY allowed what was known and trusted to execute. The other guys had the infinite detection problem in that there are an infinite number of “bad things” that can come at the endpoint. It’s become increasingly difficult to keep up from a blacklist perspective (with the identification method, timing or quantity).
The trick however for all makers of IT “endpoint instrumentation” is maintaining the method above the endpoint. As I have mentioned in previous blogs, the full extension of the value of whitelists cannot be fully enabled without effective image management methods AND the whitelist content (organization, quality and supply).
Think middle-tier image management and source quality of whitelist measurements. We must create capable image management methods that can scale to enterprise, and supplement these methods with quality measurements (whitelists) for us to scale with confidence.
After all, if our customers can’t scale these methods to thousands of endpoints, and manage/integrate them effectively, they will not be practical over the long-term.
So we applaud the efforts of CoreTrace, and of all of the endpoint folks (3rd party, ISV and Platform), to enable more of these Positive IT controls capabilities “out of the box”.
We stand ready to serve any/all of them with the most comprehensive set of image management methods and high-quality whitelist content available today.
P.S. I indicated that there were two notable developments out of Blackhat. I will blog on the second one in the next few days.
1 Comment | General, Security, Trusted Ecosystem | Permalink
Posted by wyatt
While on the subject (of Positive IT Controls methods and architecture) I’d like to share some observations on the value/pricing metrics.
We must take the “customer perspective” in our approach to pricing new value-add IT security and image/system management methods for servers and endpoints.
For our Enterprise Customers this means:
Operating Expense Considerations:
o Can I demonstrate improvement in Mean Time To Failure?
o Can I demonstrate reduction in Mean Time to Repair?
o If the answer is yes to the these, it translates directly to extra ‘nines’ of availability
o On initial install
o In daily operation
Capital Expense Considerations:
Translating these metrics to the available budget for a vendor solution requires calculating the estimated impact of the solution for our customer (in dollars per year). Additionally, by dividing the dollars per year benefit for the solution by the number of endpoints we can estimate the effective value per endpoint offered by the solution.
A big advantage of Positive IT Control Methods is that most of the considerations discussed above can be tangibly demonstrated.
In contrast, Negative Model security ROI is most often based on actuarial analysis and is often viewed as an “insurance” sale. In other words, if I DON’T deploy the solution, my risk if an incident occurs might be $X, so I am willing to pay $Y per device as insurance to mitigate that risk.
In the Positive Image Management and Controls scenario we can measure TRUE OpEx and CapEx impact.
When we have a denominator (the impact/savings) we can divide it by the numerator (the number or devices and endpoints served) and begin to understand our value delivered.
Example:
If customer savings = $1mm / 12mos;
and number device units served = 10,000;
then $1×10^6 / 1×10^4 = $10^2 (or $100 per device per year)
Not only is this value/ROI analysis useful for the supplier (in setting a price for the value delivered) it is mandatory for our enterprise customers in this challenging spending environment, and when justifying their choice of vendor and solution.
The bottom line is:
Proactive systems management can and does create specific and measureable operating efficiencies (as well as offsets of capital spending thru better IT systems efficiency and agility).
In our opinion vendors should live by the following guideline:
If we can’t tangibly save or make our customers money through their utilization of our solution in their IT environment, then we shouldn’t be wasting their time.
Leave a Comment » | General, Security, Trusted Ecosystem | Permalink
Posted by wyatt
As I have discussed before, it is interesting to watch the steady evolution of the IT security, systems management and compliance solution set. If you zoom back to a 5 to 10 year view, and compare how we were thinking about things before, to how today’s thinking has evolved, some interesting macro patterns emerge.
First, there is increasing harmony in the thinking that “we can’t keep up with the blacklist velocity” and it is easier to flip the model to “whitelist” and keep track of that. Even the industry giants are now touting whitelists as a safe bet for the future of IT security. See this video from RSA this year where John Thompson, the CEO of Symantec, talks about future trends:
While John’s comments are useful (and we believe correct) – we need to be careful here. I have indicated before in these blog pages, and in my public-facing keynotes and presentations that Whitelists are NOT substitutes for Blacklists. In fact, the methods are complimentary for now.
As we get better (as an industry) at measuring and asserting Positive Image Management (making sure the good and desired code set remains in a prescribed state over the device usage lifecycle) then our full dependence on Negative Detection methods (AV/IDS/IPS) should diminish rapidly.
Accomplishing this, however, could hinge on our ability to radically shift our paradigm as it relates to security and systems management. Let me expound.
In the traditional AV model, we fundamentally rely on a two-tier model where:
Basically the industry approach has been incremental, reactive, and has leaned heavily on this two-tier model.
As we shift to a more proactive and prescriptive Positive Image Management method, it is imperative that we “remap” our traditional two-tier view. We see our customers moving more to this view:
There are many advantages and benefits for Enterprise to move to this model, but in simple terms this process is commonly called a “control process”, and is very common in almost every other form of repetitive automation and process management.
As we move to these methods, we need to map more to a three-tier model. Where we may already have a three-tier model (Enterprise Management, CMDB, and/or Data Center Automation), we need to add/supplement the middle tier with Positive Image Management Methods.
In our opinion this will create a hierarchy that looks more like this:
In this model it is becoming increasingly clear that the enabling, and high-value components, are in the MIDDLE-TIER. Sure, you need a great set of “whitelist services” above the middle-tier. And yes, you need capable endpoint instrumentation to measure and apply desired detection, blocking/locking and remediation policies. We believe that the key value contribution and long-term differentiation layer of the three-tier model is delivered by the high-resolution image management capabilities present in the middle-tier.
Endpoint instrumentation is largely a commodity and is being subsumed into the platform itself anyway, so that is not a great spot to place your bets (as an IT solutions provider). You can begin to see this emerge in the OS and platforms now with technologies like Validated Execution from Sun (see http://www.opensolaris.org/os/project/valex/) and Trusted Execution (Txt) from Intel (see http://www.intel.com/technology/security/).
And, over time, even the “whitelist” services themselves may begin to commoditize.
So as you begin to grasp this important shift to “whitelisting” that many people are beginning to talk about, don’t be fooled.
Our primary objective must be to provide our customers with an effective IT controls method to enhance their existing “managed IT device environment” through the utilization of Positive Image Management, Control and Remediation Methods. Positive IT control methods are enabled and enforced by high-quality whitelist measurements.
Wyatt Starnes
5 Comments | General, Security, Trusted Ecosystem | Permalink
Posted by wyatt
Last week SignaCert was named one of the “7 Virtual Management Companies to Watch” by Network World. Wow, that came a bit out of left field…
Yes, we have been doing a lot of work in this space (configuration and image management for virtualization) but we were surprised, and a bit humbled by the recognition.
We are also coming off of a big week in New York City where we spent some quality time with the tier one and two financial firms exploring where they are in their thinking about systems management and information security in the enterprise. It was very interesting really….there were several independently validated trends that emerged out of these great customer meetings.
1) Virtualization remains a bit of a curiosity today in most large enterprises. It was a bit uncanny to hear from several of them that they were “10% or less (much less) deployed in their current enterprise IT environments” and that they “expected to be” 40-60% deployed in the 2-4 year time frame.
2) Deployment of MS-Vista on the user endpoints (desktops, workstations, laptops) is going to be “delayed” by at least a year—maybe two. This is somewhat a function of the current financial environment in the Financial Services sector—but likely more a function of not having a compelling reason to switch, coupled with a resounding “we’re not ready.”
The other thing that came thru was common thread of “how do we take this time out and get our stuff together as we prepare for the next wave?”
What was clear is that standardized configuration and image management is a *precursor* to what our customers need to achieve NOW. That is – do more with less by:
1) Delivering more productive IT Business Process cycles with their existing infrastructure WHILE lowering costs and improving compliances.
2) Doing that while optimizing CapEx and lowering OpEx.
Sounds like IT measurement and automation to me. No choice. No more excuses.
Another very interesting normalized data point is that the traditional (read: already in house and validated as suppliers) need to do more to address these needs AND the only – underscore ONLY new vendors that will make the cut to supply in these times are ones that can address the More with Less demand. Period.
So connecting all of these dots……
Our prospects and customers must acquire tools and knowhow to make sure that what they build and deploy in their IT environments STAY deployed as intended through out the IT business process lifecycle.
And if we can’t understand and maintain our S/W builds NOW in our mostly monolithic (1 computer – 1 Operating System and Application Stack)—then how are we possibly going to do this in the Virtualized IT World that we all know is coming?
Thank you Network World for “getting it”… Software measurement and IT controls methods built on high resolution software stack management is not a luxury today… and increasingly crucial to manage the current and future enterprise IT.
IT in Transition turns the page…..
Wyatt.
3 Comments | General, Virtualization | Tagged: capital expenses, independent controls, information security, IT management, IT operations, Network World, operating expenses, systems management, Virtualization, Vista | Permalink
Posted by wyatt
Over the last few weeks Microsoft (MSFT) announced more details of their long awaited virtualization strategy (drum roll please) and their expanded partnership with Citrix/Xen (with an emphasis on servers) and simultaneously announced the acquisition of Calista.
When Citrix originally announced the acquisition of XenSource a few months ago we thought that is was apparent that MSFT had to be “in the know” as Citrix and MSFT have been in a love/hate relationship in within the enterprise markets for nearly 18 years.
The prior relationship was much to do with terminal services and “backracking” and streaming of applications to the end-point. In many ways these uses are a pre-cursor to virtualization – an enterprise “Petri dish” to see what and how customers find value around alternate enterprise usage of platforms and software delivery. Now the next shoe is dropping.
With the success of VMware―both in terms of early enterprise acceptance and deployment AND the IPO (giving VMW a huge warchest)―Microsoft has been forced to move. Some would see it as “late”, but the virtualization market is really very nascent. The bulk of VMW revenue is made up of deal sizes $100k or less….(likely ASP’ing at <=$70k right now)….so the bulk of the $1B+ in revenue by VMW is still “pilot” and for development usage. So we are very early stage.
But the shift is happening quickly and the full transition is inevitable in short order (Less than 5 years for leading sectors to cross over to more than 50% virtualized infrastructure.)
While it is clear that the Virtual Memory Manager (VMM) and Hypervisors (HV) are ultimately commodity delivery mechanisms for the stack and software in the Virtual Machine (VM) enablers, control of VMM and HV is important to the big guys until the other layers of the value-add opportunities develop and evolve.
The longer term question for the “little guys” (every one with less than $100b market cap) is “where are the defensible 3rd party value-add areas” as the paradigm shift fully reveals itself? What “goes away” as the shift from the one-to-one (hardware to OS) monolithic platform yields to the one-to-many virtual platform.
What happens to traditional IT security in this brave new world? Where can we hang our respective 3rd party hats as the elephants trample the old ground in search of new and fertile new areas?
It is in these questions that the “positive” security and systems management model really begins to stand out. Knowing that VM instantiations are ASSEMBLED FROM trusted code by validating them against a platform and vendor agnostic, high-quality “white list” resource becomes critical.
Also knowing WHAT CODE IS LOADED WHERE AND FOR HOW LONG becomes an enabling capability, regardless of which VMM and HV is used to create the VM software stacks.
Also, compliance and software licensing become even more important, but can be easily handled with trusted code and stack measure/validate methods. Being able to “attest” the stack to an external “white list” reference built from a rich supply of high-quality software reference measurements becomes a highly-defensible and long-term way of adding value to the new virtual compute paradigm.
Interestingly for those that get the jump on this, this represents a huge, content-based, recurring revenue model that the first-party players will have a difficult time displacing (because they don’t have ready access to software measurements from other vendors and due to the “trusted third party” implications).
Will we really trust Microsoft to validate Microsoft?
So let’s just view this as another card in an unfolding game of mammoth proportions and implications.
Stay tuned. This is going a lot of fun to watch, and to participate in.
Leave a Comment » | General, Trusted Ecosystem, Virtualization | Permalink
Posted by wyatt
