---
From: Gordon Housworth <ghidra@private>
To: "'Declan McCullagh'" <declan@private>, politech@private
Subject: RE: [Politech] Dan Geer loses CTO job at AtStake after criticizing Microsoft
Date: Fri, 26 Sep 2003 09:45:46 -0400

Declan

+++ Dan is a careful security professional, a good guy... I've no doubt of that. I certainly have tracked commentary from Bruce Schneier and, to a lesser degree, Dan Geer and found their opinions to be sound.

Yes, I agree with the summary of their findings as reported in the press. While the monoculture infection concept may be new to IT, it is an old one in areas of biodiversity such as agricultural crops. Similar kinds of warnings have been raised over genetic reduction of food crop seed stocks, so far to no apparent avail.

Yes, my firm will continue to use Microsoft SW armored up with security updates, current virus protection, and firewalls. I long for a better world but I do not see Redmond's detractors offering an acceptable one today.

That said, what a reckless fellow to so endanger his firm by not seeking their prior approval to commence the work, and permitting internal peer review of the findings prior to release, et al. What was he thinking would happen? Another rendering of "Mr. Smith Goes to Washington"?

Having scanned the news items on this matter before replying, I am struck by a lack of common sense apart from technical brilliance on Geer's part. Context is often as crucial as the message itself. Whatever the technical merits of the findings, the impact was far greater as it was released by avowed competitors to his employer's key customer. Given Geer's central role as CTO, his firm was placed in a binary position to either support or disavow.

Our consultancy does much work in supply chain analysis and if we were to author exposés of client performance, we would be shown the door and would not likely gain entries into others. I like to say that, 'Expiation is good for the soul but scant value to the pocketbook.'

Mark me as you will, but unless I was willing to risk a substantial -- and not immediately replaceable -- portion of my firm's revenue stream, I would have done just as his employer has done.

I wish Geer well, perhaps in a neutral think tank such as Cert, where he can continue his investigations and help produce better applications for us all.

Regards, Gordon Housworth

Intellectual Capital Group LLC
26775 Crestwood
Franklin, MI 48025
+1 248.626.1310
ghidra@private
http://www.icgpartners.com

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2b30 : Sun Sep 28 2003 - 23:08:50 PDT