CRIME FW: @Stake pulls pin on Geer: Effect on research and publication (fwd)

From: musashi@private
Date: Fri Sep 26 2003 - 11:21:55 PDT

    This raises a lot of red flags to me and seems reminiscent of the days
    of Dan Farmer releasing SATAN and having to leave SGI.
    
    The news article also notes that when other security researchers were
    queried about input into this publication many agreed with the
    points/theory/ideas but wouldn't join in the research due to fear of
    Microsoft.
    
    -musashi
    
    
     -----Original Message-----
    From: Patrick J. Kobly [mailto:patrick@private] 
    Sent: Friday, September 26, 2003 8:45 AM
    To: bugtraq@private
    Subject: @Stake pulls pin on Geer: Effect on research and publication
    
    
    CNET is reporting that @Stake fired Dan Geer yesterday:
    
    http://news.com.com/2100-1014_3-5082649.html
    
    Over a recent CCIA report coauthored by him, and released Wednesday:
    
    http://www.ccianet.org/papers/cyberinsecurity.pdf
    
    @Stake's comments - "The values and opinions of the report are not in line
    with @Stake's views" explaining Geer's termination are concerning for a
    company that claims "we must not be afraid to take things apart, understand
    how they work, and share that information with the world." 
    [http://www.atstake.com/research/]  
    
    It should be noted that the CCIA report tries to examine the Microsoft
    desktop monopoly, and its effect on the security of the Internet and the
    digital world at large.  This is in direct line with @Stake's stated
    research objectives.  The fact that the conclusions drawn may not be the
    same as those drawn by other @Stake researchers does not justify silencing
    this discussion.
    
    @Stake and other security companies and organizations need to act now to
    encourage discussion of root causes of insecurity on the net - even if these
    causes are not fundamentally technical in nature.  It is, in fact, these
    causes - the political and economic ones - that are the most difficult ones
    to fix.  As a result, it is these factors that must be brought into the
    public eye, exposed to more scrutiny, so that we may address them.
    
    What @Stake has done here is simply confirm to other security researchers
    that the publication of unpopular research will directly affect their
    pocketbooks.  @Stake has set researchers' financial security and job
    security at odds with their professional ethics and research standards.
    Will the next researcher working at @Stake or Symantec, or Security Focus
    hesitate to publish controversial research because he is worried for his
    financial well-being?
    
    PK
    -- 
    "I am committed to helping Ohio deliver its electoral votes to the President
    next year."
      -- Wally O'Dell - CEO of Diebold, Inc. (One of the largest American
      manufacturers of election machinery)
    



    This archive was generated by hypermail 2b30 : Fri Sep 26 2003 - 11:42:43 PDT