Full Disclosure mailing list archives
RE: Microsoft wins Homeland Security Bid ( Reuters)
From: "Jason Coombs" <jasonc () science org>
Date: Wed, 16 Jul 2003 09:55:03 -1000
Aloha, Brad. Nice essay. However, you miss the point entirely. It is inappropriate to give Microsoft the benefit of the doubt. U.S. taxpayer money literally pours into Microsoft's coffers, the present contract win being just one example. In return, U.S. citizens receive a government that is unable to comprehend the most basic of information security concepts because the computing platform used by so much of the U.S. government is substandard and the vendors more concerned with appearances than provable security.
Microsoft products can actually provide a great deal of security (so long as you can implement an effective patch management solution on top of your host hardening procedures).
...
Microsoft is going to work very hard with the DHS to provide a secure baseline
Microsoft will have to work hard, because they'll be working against themselves more than anyone else, and they are a formidable adversary. Perhaps you do not understand what Microsoft did when they designed their "Baseline Security Analyzer" software... By design this software performs as little scanning as possible so that the results of its analysis more often reveal "your baseline security is great!" -- they intentionally crippled this tool's capabilities, giving admins a false sense of security and contributing to the emergence of SQL Slammer. You're saying that you wish to both forgive them (and obviously, forget their past bad acts) and presume that they will never do such a thing again... I sure hope you don't vote and that you never find yourself burdened with the power to make important decisions.
security is a process, not a product.
The first step in this process is to select technology and vendors that do not actively work against the interests and requirements of security.
Comments stating that Microsoft will be incapable of providing an appropriate service (or at least a service comparable to any competitor in the marketplace) are biased and without merit.
There is nothing wrong with bias; in fact, it is an essential security countermeasure. You are correct, though, that comments stating that Microsoft will be incapable of providing an appropriate service to the U.S. government are without merit -- provided that Microsoft selects Linux as the OS and minimizes the number of features and the amount of software they deploy, they surely are capable of providing a service that is comparable to any competitor in the marketplace. They're smart people. The problem is that these smart people are forced to haul around a stinking mess of insecure code in order to advance their corporate brand marketing interests every time they do a job. This is just plain harmful, and it has no place in government computing paid for by taxpayers. Sincerely, Jason Coombs jasonc () science org -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Brad Bemis Sent: Wednesday, July 16, 2003 6:22 AM To: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] Microsoft wins Homeland Security Bid ( Reuters) I find it interesting that so many negative comments have been made about this. ... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Microsoft wins Homeland Security Bid ( Reuters) Brad Bemis (Jul 16)
- Re: Microsoft wins Homeland Security Bid ( Reuters) northern snowfall (Jul 16)
- Re: Microsoft wins Homeland Security Bid ( Reuters) Valdis . Kletnieks (Jul 16)
- RE: Microsoft wins Homeland Security Bid ( Reuters) Jason Coombs (Jul 16)
- Re: Microsoft wins Homeland Security Bid ( Reuters) yossarian (Jul 16)
- Re: Microsoft wins Homeland Security Bid ( Reuters) northern snowfall (Jul 16)
- Re: Microsoft wins Homeland Security Bid ( Reuters) Blue Boar (Jul 16)
- Re: Microsoft wins Homeland Security Bid ( Reuters) northern snowfall (Jul 16)
- Re: Microsoft wins Homeland Security Bid ( Reuters) Ross Dmochowski (Jul 16)
- Re: Microsoft wins Homeland Security Bid ( Reuters) yossarian (Jul 16)
- <Possible follow-ups>
- RE: Microsoft wins Homeland Security Bid ( Reuters) Jonathan Grotegut (Jul 16)
- RE: Microsoft wins Homeland Security Bid ( Reuters) Brad Bemis (Jul 16)
- Re: Microsoft wins Homeland Security Bid ( Reuters) northern snowfall (Jul 16)
- RE: Microsoft wins Homeland Security Bid ( Reuters) Brad Bemis (Jul 16)