The KIT ─ Knowledge & Information Technology
No. 238 - 16 April 2019
Claude Baudoin

cébé IT and Knowledge Management
Software Component Transparency
The National Telecommunications and Information Administration (NTIA), part of the US Department of Commerce, held a long meeting on April 11 to review the progress of its "multistakeholder initiative" on software component transparency -- aimed at achieving traceability of code imported (in particular) from open source repositories and identifying security risks. A few dozen experts were in the room in Washington, DC, while remote attendees could join by high-quality videoconference.

As of today, the project's website has not yet been updated with a link to the replay, but the slides and draft reports from the various working groups are posted. The main highlights are:
  • End users and suppliers are still at odds about how much visibility they want to give to an application's exposure to vulnerabilities; however, a compromise may be to document which calls a piece of software makes to a component, since only certain calls may execute a vulnerability.
  • The standard building blocks for a "software bill of materials" (SBOM) were compared and contrasted. There is still a need for a more comprehensive and unified standard.
  • A proof-of-concept project around the provenance and pedigree of software in medical devices (where a cyberattack or malfunction can have lethal outcomes) is making great progress, thanks to cooperation between five major hospitals and four medical device manufacturers.
A New Model to Screen and Match Job Candidates
Many hiring managers in software, data science, AI, etc., know what skills their group needs but have insufficient personal knowledge (and/or time) to screen candidates well. And sadly, it has become very easy to stuff a resume with all the right buzzwords. A startup called Triplebyte aims to make tech hiring more efficient in two ways. First, they provide a lightweight "credentialing" process for technical skills, through online testing. Second, they use AI to match candidates and companies. See more in this TechCrunch article.

(Thanks to Alex Godbout for the tip.)
The "AI Nine" -- an Incomplete Perspective
Amy Webb is a "professor of strategic foresight" at NYU and founder of the Future Today Institute. If you are impressed by titles, these are grandiose enough to inspire awe. She wrote a book called The Big Nine: How the Tech Titans and Their Thinking Machines Could Warp Humanity. The big nine in question are the US companies Amazon, Apple, Facebook, Google, IBM and Microsoft, and the Chinese companies Alibaba, Baidu and Tencent. According to this Forbes article, her advice to escape the clutches of these large companies is to "insource" AI and connect it to HR, compliance, sales and marketing.

Wow... if any initiative remains alive after being subjected to this treatment, it will be a miracle. Ms. Webb needs to get out a bit more. What about all the startups that are inventing ways to apply machine learning to all sorts of domains such as health, agriculture, retail, and more? Or natural language processing? Or image recognition? Sure, some of them will end up being acquired by the giants, but they are where some of the most intriguing ideas are being hatched -- see for example those mentioned in the KIT no. 231. Find a way to enlist their help now, and you may gain a competitive advantage that would be lost in a later adoption.
Enterprise CRM: the Three Big Solutions
ITBusinessEdge applied a somewhat strange approach in two papers from the same author, Mike Vizard, published on the same day last week. One is a comparison of Microsoft Dynamics with Salesforce, the other a comparison of Salesforce with Oracle CRM. We're not quite sure why the author did not compare all three in one fell swoop. Perhaps the author had a quota of papers to write in Q1...

The slant is clearly toward large-scale implementations, where these are the best-known and most robust solutions. Oracle (whose CRM solution originally came from its Siebel acquisition) and Salesforce (which practically invented software-as-a-service) come across as remarkably equal in capabilities, with Oracle users paying a higher price in exchange for better integration with Oracle's ERP software if they use it. Microsoft does not fare so well in comparison with Salesforce, ranking lower in most aspects while being at least as expensive, and sometimes much more so.

If you are a small- to medium-size company, and don't need all the bells and whistles of the big three, then there are dozens of other solutions to consider, most of them available in the cloud. Read the articles... but do your homework (or, like a student with rich parents, hire someone to help you do it).

Seen Recently...
"I guess we should all get back to trying to do something with our own lives that people might still love in 900 years."
-- Joanna Bryson, Associate Professor in the Department of Computing
at the University of Bath, referring to Notre Dame de Paris
while giving us a lesson in historical relativity