Virtualisation a security nightmare? The jury's out...
By Pat GRAY
Greetings from VMWorld in sunny Los Angeles.
I've been flown over by VMWare to interview execs, have a look at some presentations and get properly briefed on virtualisation technology.
For those who aren't familiar with the latest developments in the virtualisation field, you'll want to have a look at VMWare's virtual appliance initiative.
Hardware appliances have become very popular over the years -- you pull your spam filter/mail server/gateway out of the box, plug it in and turn it on.
But they're expensive.
Virtualised appliances go some way towards reducing the costs involved. By removing hardware dependency issues, vendors can ship a pre-configured disk image containing the application AND an application-specific OS. They load up the image on a VMWare box, and voila! The virtual appliance is up and running.
It's a great idea. If you're ordering some sort of web hosting package, it'll take you ten minutes to configure it on a system running VMWare's ESX server technology. And because the operating system is only tasked with running the one application, it's light and pre-optimised for an application-specific deployment: think of the TiVo -- its application runs on a lean Linux base.
But there are some potential security issues.
Releasing a hardware appliance is costly, and that acts as a barrier to market entry for smaller and less experienced companies. Now that VMWare is making the development of virtual appliances cheap, every Tom, Dick and Harry will make a play for the market. It's great for innovation, but there's a drawback: those same Toms, Dicks and Harrys will have to maintain the underlying OS, which in most cases is a customised Linux distro.
Do we really want to trust VMWare's ISVs to maintain the Linux distro their products run on?
VMWare execs say Linux distros designed for virtual appliance providers are already on the market -- they help the ISVs release patches for the underlying OS. That could go some way to assuring some worried CSOs, but it's still early days. We'll need to wait for the providers of virtual appliances to prove their commitment to operating system security; they'll need to prove they won't leave customers waiting six months for critical security updates, or more security-conscious organisations will steer clear.
Let's hope the ISVs don't let us down -- virtual appliances are a bloody good idea.
Patrick Gray is an IT security expert, so we can't show you his face for your own protection. Each week he delves into technology's dark underbelly to see what lurks in the shadows.