[ISN] Industry group wants DHS agency to review deal with Microsoft

From: InfoSec News (isnat_private)
Date: Thu Aug 28 2003 - 00:23:34 PDT

    Forwarded from: William Knowles <wkat_private>
    
    http://www.computerworld.com/securitytopics/security/story/0,10801,84434,00.html
    
    Story by Todd R. Weiss 
    AUGUST 27, 2003 
    COMPUTERWORLD 
    
    The Computer & Communications Industry Association (CCIA) is
    criticizing last month's decision by the U.S. Department of Homeland
    Security (DHS) to exclusively use Microsoft Corp. software, arguing
    that recent computer virus and worm attacks against Microsoft products
    are evidence that such a decision is a poor choice.
    
    In a letter today to Tom Ridge, the secretary of the DHS, Ed Black,
    the CEO and president of the Washington-based CCIA, asked the agency
    to "reconsider" its decision to use Microsoft software inside an
    agency with critical security needs.
    
    "We believe that for software to be truly secure it must be well
    written from the outset, with security considerations given a high
    priority," Black wrote in his letter. "Unfortunately, there is ample
    evidence that for many years economic, marketing and even
    anticompetitive goals were far more important considerations than
    security for Microsoft's software developers, and these broader
    objectives were often achieved at the cost of adequate security.
    
    "Also, from a security standpoint, the lack of diversity within a
    networked system amplifies the risk emanating from any vulnerabilities
    that do exist," he wrote. "But diversity is difficult without
    interoperability, and the benefits of interoperating with more robust
    systems can be blocked if any dominant player does not cooperate in
    fostering interoperability."
    
    The DHS awarded Microsoft a $90 million enterprise software deal last
    month, just two days after company Chairman Bill Gates met with Ridge
    in Washington.
    
    A DHS spokesman couldn't be reached for comment on the CCIA letter
    late this afternoon. A spokesman for Microsoft was also unavailable by
    deadline.
    
    In an interview today, Black said his group reacted publicly because
    of the recent Blaster and Sobig.f viruses and worms that have caused
    problems on Microsoft-equipped computer systems since last week. "It's
    no secret that Microsoft isn't the most secure software around," Black
    said. "We care a lot about homeland security. The issue about [DHS]
    setting a good example on security has also come up before."
    
    The group was "somewhat surprised and a little disappointed" by the
    DHS decision to use Microsoft software as a preferred choice, Black
    said. "They really should revisit this decision," he added. "They
    should be urging the best products, the most secure products."
    
    Other software and operating systems, including Linux, Unix and Mac
    OS, should be considered, Black said. "In our office, we integrate
    Windows, Linux and Macintosh. There should be a certain recognition
    that diversity ... has some benefits."
    
    In his letter, Black noted that the CCIA has recently pointed out in
    submissions to the Bush administration and Congress that there are
    "dangers of relying on single suppliers for information technology"  
    and "the inherent risks associated with homogenous systems."
    