Politech mailing list archives

Reply to Dan Geer losing job after criticizing Microsoft


From: Declan McCullagh <declan () well com>
Date: Mon, 29 Sep 2003 01:38:08 -0400

---

From: Gordon Housworth <ghidra () modulor com>
To: "'Declan McCullagh'" <declan () well com>, politech () politechbot com
Subject: RE: [Politech] Dan Geer loses CTO job at AtStake after criticizing Microsoft
Date: Fri, 26 Sep 2003 09:45:46 -0400

Declan

+++ Dan is a careful security professional, a good guy...

I've no doubt of that.  I certainly have tracked commentary from Bruce
Schneier and, to a lesser degree, Dan Geer and found their opinions to be
sound.

Yes, I agree with the summary of their findings as reported in the press.
While the monoculture infection concept may be new to IT, it is an old one
in areas of biodiversity such as agricultural crops.  Similar kinds of
warnings have been raised over genetic reduction of food crop seed stocks,
so far to no apparent avail.

Yes, my firm will continue to use Microsoft SW armored up with security
updates, current virus protection, and firewalls.  I long for a better world
but I do not see Redmond's detractors offering an acceptable one today.

That said, what a reckless fellow to so endanger his firm by not seeking
their prior approval to commence the work, and permitting internal peer
review of the findings prior to release, et al.  What was he thinking would
happen?  Another rendering of "Mr. Smith Goes to Washington"?  Having
scanned the news items on this matter before replying, I am struck by a lack
of common sense apart from technical brilliance on Geer's part.  Context is
often as crucial as the message itself.  Whatever the technical merits of
the findings, the impact was far greater as it was released by avowed
competitors to his employer's key customer.  Given Geer's central role as
CTO, his firm was placed in a binary position to either support or disavow.

Our consultancy does much work in supply chain analysis and if we were to
author exposés of client performance, we would be shown the door and would
not likely gain entries into others.  I like to say that, 'Expiation is good
for the soul but scant value to the pocketbook.'  Mark me as you will, but
unless I was willing to risk a substantial -- and not immediately
replaceable -- portion of my firm's revenue stream, I would have done just
as his employer has done.

I wish Geer well, perhaps in a neutral think tank such as CERT, where he can
continue his investigations and help produce better applications for us all.


Regards, Gordon Housworth
Intellectual Capital Group LLC
26775 Crestwood
Franklin, MI 48025
+1 248.626.1310
ghidra () icgpartners com
http://www.icgpartners.com
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

