January 6th, 2007 by Chandler Howell

I would like to join those congratulating and thanking Alex Hutton, Jack Jones, and all the rest of the folks over at RiskAnalys.is for releasing their FAIR framework under the Creative Commons license.

One of the concerns I’ve heard people raise about FAIR was its status as Intellectual Property. By removing that concern, I think that they’re doing not only the risk management community but themselves a big favor.

Having seen the bureaucratic absurdity that using proprietary standards *cough*ISO17799*cough* can cause while living under ISO as our security standard (or “ISO Plus” as we referred to our tailored version internally), we had pretty much this exact same conversation every time we signed any sort of outsourcing agreement (and we signed a LOT of them):

Us: “Under the terms of our agreement, you must abide by our security standards document.”

Them: “Great. Just send us a copy so we can see if there’s anything in there we can’t live with.”

Us: “It’s ISO17799, with some tailoring we’ve done in-house.”

Them: “Great. Just send us a copy and we’ll review it ASAP.”

Us: “We can’t.”

Them: ???

Us: “We can’t. You need to buy a license to it from ISO.”

Them: “OK…”

Us: “Let us know when you’ve got a license and we’ll send a copy right over.”

Them: “But we need to get this contract signed this week.”

Us: “Then just trust us…”

For real.

- Posted in Security and Risk Management, Risk Management





Alex Says:

Chandler,

Thanks for the kind words (like the new WP theme, btw).

Jack and I never wanted FAIR to be a deep dark consulting magic only for our use. And when Jack recruited me, I was impressed by his sincerity to “do good” with FAIR, even at his own expense. He’s constantly reminding me that our focus is not on RMI or even FAIR itself, but on the profession and community.

But until we were sure of what we had, our business plan, and all that goes with a startup, we played cautious and kept the “patent thing” in place. Opening FAIR may hurt us if we ever pursue VC, but I’m optimistic that the kind of business partners we want will understand the benefits to be gained by “doing good by the community.”

We’re hoping that the Open Group Forum will help foster derivative works. We’ve already got several folks outside of RMI who want to write papers and present them, which is encouraging. I am also encouraged by the successes you’ve had there with Jericho. Hopefully I can learn from you guys what works and what doesn’t.

- January 7th, 2007 at 6:52 am
