Full Disclosure mailing list archives
Re: Microsoft wins Homeland Security Bid ( Reuters)
From: yossarian <yossarian () planet nl>
Date: Wed, 16 Jul 2003 22:56:53 +0200
The point I am missing here - we might not like M$ to have won, but who else could? It is a government, so think big companies. Would you rather it was Symantec or IBM? Or think about the big systems integrators EDS and CSC style <yuk> would that be much better? Smaller players like Veridian or Secureinfo - would we be served any better if they could actually make themselves credible? Nah, don't think so - it was bound to be a big one. Big organisations want big suppliers.... And think again, elections are coming up and funding is needed.

Of the companies I named, IMHO most would be worse than M$, so let's just forget about the general dislike of Outlook and ActiveX and be realistic. There is a wonderful saying in Dutch that roughly translates to "the devil always dumps on the big heap". And we all know that big heaps tend to smell funny.

yossarian

----- Original Message -----
From: "Jason Coombs" <jasonc () science org>
To: "Brad Bemis" <Brad.Bemis () airborne com>; <full-disclosure () lists netsys com>
Sent: Wednesday, July 16, 2003 9:55 PM
Subject: RE: [Full-disclosure] Microsoft wins Homeland Security Bid ( Reuters)

Aloha, Brad.

Nice essay. However, you miss the point entirely. It is inappropriate to give Microsoft the benefit of the doubt. U.S. taxpayer money literally pours into Microsoft's coffers, the present contract win being just one example. In return, U.S. citizens receive a government that is unable to comprehend the most basic of information security concepts because the computing platform used by so much of the U.S. government is substandard and the vendors more concerned with appearances than provable security.

> Microsoft products can actually provide a great deal of security (so long as you can implement an effective patch management solution on top of your host hardening procedures)....Microsoft is going to work very hard with the DHS to provide a secure baseline

Microsoft will have to work hard, because they'll be working against themselves more than anyone else, and they are a formidable adversary. Perhaps you do not understand what Microsoft did when they designed their "Baseline Security Analyzer" software... By design this software performs as little scanning as possible so that the results of its analysis more often reveal "your baseline security is great!" -- they intentionally crippled this tool's capabilities, giving admins a false sense of security and contributing to the emergence of SQL Slammer. You're saying that you wish to both forgive them (and obviously, forget their past bad acts) and presume that they will never do such a thing again... I sure hope you don't vote and that you never find yourself burdened with the power to make important decisions.

> security is a process, not a product.

The first step in this process is to select technology and vendors that do not actively work against the interests and requirements of security.

> Comments stating that Microsoft will be incapable of providing an appropriate service (or at least a service comparable to any competitor in the marketplace) are biased and without merit.

There is nothing wrong with bias; in fact, it is an essential security countermeasure. You are correct, though, that comments stating that Microsoft will be incapable of providing an appropriate service to the U.S. government are without merit -- provided that Microsoft selects Linux as the OS and minimizes the number of features and the amount of software they deploy, they surely are capable of providing a service that is comparable to any competitor in the marketplace. They're smart people. The problem is that these smart people are forced to haul around a stinking mess of insecure code in order to advance their corporate brand marketing interests every time they do a job. This is just plain harmful, and it has no place in government computing paid for by taxpayers.

Sincerely,

Jason Coombs
jasonc () science org

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Brad Bemis
Sent: Wednesday, July 16, 2003 6:22 AM
To: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Microsoft wins Homeland Security Bid ( Reuters)

I find it interesting that so many negative comments have been made about this. ...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html