[ISN] Vendor assailed for unfair marketing

From: InfoSec News (alerts@private)
Date: Tue May 13 2008 - 01:27:10 PDT


By Michael Hardy
May 12, 2008

An encryption software company on the governmentwide Data-At-Rest 
blanket purchase agreement is being accused of using a misleading matrix 
in its marketing. The matrix implied that government officials had found 
its product was better than its competitors'. However, no agency has 
conducted such an assessment.

The company, Mobile Armor, has reportedly pulled the document from its 
marketing materials. But questions have been raised about whether 
agencies were misled and what contracting officials should do about it. 
The contracting officer for the BPA has not indicated whether the 
government will take further action against Mobile Armor.

Mobile Armor is one of 10 software companies on the Data-At-Rest BPA, a 
joint effort of the Defense Department's Enterprise Software Initiative 
and General Services Administration's SmartBuy programs. Soon after the 
June 2007 award, companies started marketing their wares, and some 
prospective customers began asking Mobile Armor's competitors to explain 
their low scores on the competitive matrix.

The matrix showed several encryption software products, most of which 
were available through the BPA, ranked on a scale of 0 to 5 in 11 
specifications. Mobile Armor's product scored the highest ratings in all 
categories on the chart. The chart's source line stated that the 
information came from data the companies submitted to the Data At Rest 
Tiger Team (DARTT), DOD and GSA. But competitors say they submitted no 
information that could have been distilled into such numerical rankings.

Mobile Armor officials declined to comment for this story. However, they 
told the BPA contracting officer that a consultant, who no longer works 
for the company, created the matrix without the knowledge or approval of 
company executives, sources said.

The case comes to light as contractors increasingly are under scrutiny 
for ethical lapses. The Environmental Protection Agency abruptly 
suspended IBM from all federal contracting for a week in early April 
after reports surfaced that company employees obtained protected source 
selection information from an EPA employee and used it in contract 

The matrix has apparently circulated beyond the circle of government 
customers for whom it was originally intended. Pete Morrison, vice 
president of sales for Credant's North America operations, said a 
commercial customer first brought the matrix to his attention.

"The key features as well as the rankings were a total fabrication," 
Morrison said. "This was not part of the process that the DARTT folks 
went through when they awarded the contracts."

The companies vying for a place on the BPA answered a 103-question 
questionnaire to establish that they met the minimum requirements for 
inclusion, Morrison said. Because it was a BPA, the government made no 
effort to sort out the better companies from weaker ones, he said. "If 
you met the requirements, you got a contract. Nowhere was there any kind 
of scoring or anything like this."

Companies submitted nothing that correlates to numerical scores, agreed 
Joseph Belsanti, director of marketing at WinMagic, another of the 
competing companies.

Maurice Griffin, the contracting officer overseeing the BPA, declined to 
comment in detail. In a brief written statement, he said, "The matrix in 
question was not a government document nor did the government direct, 
require or provide input to development of the document." The evaluation 
materials would be protected as source selection documents, he added.

Observers and competitors now wonder if Mobile Armor's agreement to stop 
using the matrix will end the matter.

"Just pulling it down is a little weak," said Andy Solterbeck, chief 
technology officer in the commercial security division of SafeNet, 
another company on the BPA. "I think more of an active retraction would 
be in order."

Solterbeck, like other competitors, said it would be difficult to know 
whether his company lost any sales as a result of Mobile Armor's 
marketing activities. His chief objection was that the matrix implied 
that the data came from an official government source.

If the competitive matrix had been presented as anything other than a 
government document, no one would have cared because it would have been 
easy to refute, he added.

Belsanti said he doubted WinMagic had lost any sales because of the 
matrix. "Our customer base within the federal government is a fairly 
loyal one and a fairly educated one," he said. "I have not heard of this 
document being detrimental to this success."

Nevertheless, security is primarily about trusting trustworthy people 
and partners, Belsanti said. "The [fear, uncertainty and doubt] being 
produced by some organizations in the marketplace isn't doing the market 
any favors," he said. "If I was a customer in the marketplace, I would 
think about who I put my trust in."

GSA officials declined to comment.
