http://www.fcw.com/online/news/152496-1.html By Michael Hardy FCW.com May 12, 2008 An encryption software company on the governmentwide Data-At-Rest blanket purchase agreement is being accused of using a misleading matrix in its marketing. The matrix implied that government officials had found its product was better than its competitors'. However, no agency has conducted such an assessment. The company, Mobile Armor, has reportedly pulled the document from its marketing materials. But questions have been raised about whether agencies were misled and what contracting officials should do about it. The contracting officer for the BPA has not indicated whether the government will take further action against Mobile Armor. Mobile Armor is one of 10 software companies on the Data-At-Rest BPA, a joint effort of the Defense Department's Enterprise Software Initiative and General Services Administrations SmartBuy programs. Soon after the June 2007 award, companies started marketing their wares, and some prospective customers began asking Mobile Armor's competitors to explain their low scores on the competitive matrix. The matrix showed several encryption software products, most of which were available through the BPA, ranked on a scale of 0 to 5 in 11 specifications. Mobile Armor's product scored the highest ratings in all categories on the chart. The chart's source line stated that the information came from data the companies submitted to the Data At Rest Tiger Team (DARTT), DOD and GSA. But competitors say they submitted no information that could have been distilled into such numerical rankings. Mobile Armor officials declined to comment for this story. However, they told the BPA contracting officer that a consultant, who no longer works for the company, created the matrix without the knowledge or approval of company executives, sources said. The case comes to light as contractors increasingly are under scrutiny for ethical lapses. The Environmental Protection Agency abruptly suspended IBM from all federal contracting for a week in early April after reports surfaced that company employees obtained protected source selection information from an EPA employee and used it in contract negotiations. The matrix has apparently circulated beyond the circle of government customers for whom it was originally intended. Pete Morrison, vice president of sales for Credant's North America operations, said a commercial customer first brought the matrix to his attention. "The key features as well as the rankings were a total fabrication," Morrison said. "This was not part of the process that the DARTT folks went through when they awarded the contracts." The companies vying for a place on the BPA answered a 103-question questionnaire to establish that they met the minimum requirements for inclusion, Morrison said. Because it was a BPA, the government made no effort to sort out the better companies from weaker ones, he said. "If you met the requirements, you got a contract. Nowhere was there any kind of scoring or anything like this." Companies submitted nothing that correlates to numerical scores, agreed Joseph Belsanti, director of marketing at WinMagic, another of the competing companies. Maurice Griffin, the contracting officer overseeing the BPA, declined to comment in detail. In a brief written statement, he said, "The matrix in question was not a government document nor did the government direct, require or provide input to development of the document." The evaluation materials would be protected as source selection documents, he added. Observers and competitors now wonder if Mobile Armor's agreement to stop using the matrix will end the matter. "Just pulling it down is a little weak," said Andy Solterbeck, chief technology officer in the commercial security division of SafeNet, another company on the BPA. "I think more of an active retraction would be in order." Solterbeck, like other competitors, said it would be difficult to know whether his company lost any sales as a result of Mobile Armor's marketing activities. His chief objection was that the matrix implied that the data came from an official government source. If the competitive matrix had been presented as anything other than a government document, no one would have cared because it would have been easy to refute, he added. Belsanti said he doubted WinMagic had lost any sales because of the matrix. "Our customer base within the federal government is a fairly loyal one and a fairly educated one," he said. "I have not heard of this document being detrimental to this success." Nevertheless, security is primarily about trusting trustworthy people and partners, Belsanti said. "The [fear, uncertainty and doubt] being produced by some organizations in the marketplace isn't doing the market any favors," he said. "If I was a customer in the marketplace, I would think about who I put my trust in." GSA officials declined to comment. _______________________________________________ Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Tue May 13 2008 - 01:37:54 PDT