On Wed, 16 Jul 2003 09:21:52 PDT, Brad Bemis <[EMAIL PROTECTED]> said: > My point is that security is a process, not a product. Microsoft is going > to work very hard with the DHS to provide a secure baseline that takes into > account the sensitivity of information associated with the defense of > critical infrastructure assets. Comments stating that Microsoft will be > incapable of providing an appropriate service (or at least a service > comparable to any competitor in the marketplace) are biased and without > merit.
OK. Even granting that Microsoft *is* trying to improve things, that's *STILL* no excuse for giving them a sole-source. Or for *ANY* vendor to get a sole-source. If they got stuff from two independent vendors, that would at least give you a snowball's chance of half your systems surviving any given attack. There's a *reason* why the IETF requires two independent implementations to move something to 'Standard', and why the Shuttle has 5 computers - one of which is a different architecture and software system. And if there's *any* agency in the federal government that needs to be bulletproof, DHS is it....
pgp00000.pgp
Description: PGP signature
