"You can't consider the problem of defense without first understanding the problem of attack."

Doug Tygar, a professor of computer science and information management at UC Berkeley

On-demand software is a software hosted by the vendor and made available over the web to customers for a fee.

salesforce.com is going great guns with their on-demand platform AppExchange. It is a terrific concept. In simple terms, if a company wants to on-demandify software product, they could do so by tweaking their applications to run on salesforce.com on-demand platform and make it available for salesforce.com customers via the AppExchange.

Application + salesforce.com on-demand platform => Application available on AppExchange

Think of a small software company which has terrific product, but does not have resources to market the product. If they get their applications on AppExchange platform, they can charge a fee and gain the potential to generate revenue stream right away. Imagine the leverage a small software player can get out of this!. Business Week calls AppExchange as an eBay for business software.

On-demand sounds too good, but what about security concerns? - customer's data, customer's customer's data and so on is in the hands of on-demand vendor.

On-demand customer: How do you trust your data with on-demand software vendor?

On-demand vendor: 1. How do you convince your customer about your security?

On-demand vendor: 2. How do you convince on-demand platform developers that your framework does not compromise their application's security?

I will address some of these issues in my upcoming posts.