The point I am missing here - we might not like M$ to have won, but who else could? It is a government, so think big companies. Would you rather it was Symantec or IBM? Or think about the big systems integrators EDS and CSC style <yuk> would that be much better? Smaller players like Veridian or Secureinfo - would we be served any better if they could actually make themselves credible? Nah, don't think so - it was bound to be a big one. Big organisations want big suppliers....
And think again, elections are coming up and funding is needed. Of the companies I named, IMHO most would be worse than M$, so let's just forget about the general dislike of Outlook and ActiveX and be realistic. There is a wonderful saying in Dutch that roughly translates to "the devil always dumps on the big heap". And we all know that big heaps tend to smell funny.

yossarian

----- Original Message -----
From: "Jason Coombs" <[EMAIL PROTECTED]>
To: "Brad Bemis" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, July 16, 2003 9:55 PM
Subject: RE: [Full-Disclosure] Microsoft wins Homeland Security Bid ( Reuters)

> Aloha, Brad.
>
> Nice essay. However, you miss the point entirely. It is inappropriate to give
> Microsoft the benefit of the doubt.
>
> U.S. taxpayer money literally pours into Microsoft's coffers, the present
> contract win being just one example. In return, U.S. citizens receive a
> government that is unable to comprehend the most basic of information security
> concepts because the computing platform used by so much of the U.S. government
> is substandard and the vendors more concerned with appearances than provable
> security.
>
> > Microsoft products can actually provide a great deal of security
> > (so long as you can implement an effective patch management
> > solution on top of your host hardening procedures).
> ...
> > Microsoft is going to work very hard with the DHS to provide a
> > secure baseline
>
> Microsoft will have to work hard, because they'll be working against
> themselves more than anyone else, and they are a formidable adversary. Perhaps
> you do not understand what Microsoft did when they designed their "Baseline
> Security Analyzer" software... By design this software performs as little
> scanning as possible so that the results of its analysis more often reveal
> "your baseline security is great!" -- they intentionally crippled this tool's
> capabilities, giving admins a false sense of security and contributing to the
> emergence of SQL Slammer. You're saying that you wish to both forgive them
> (and obviously, forget their past bad acts) and presume that they will never
> do such a thing again... I sure hope you don't vote and that you never find
> yourself burdened with the power to make important decisions.
>
> > security is a process, not a product.
>
> The first step in this process is to select technology and vendors that do not
> actively work against the interests and requirements of security.
>
> > Comments stating that Microsoft will be incapable of providing an
> > appropriate service (or at least a service comparable to any
> > competitor in the marketplace) are biased and without merit.
>
> There is nothing wrong with bias; in fact, it is an essential security
> countermeasure.
>
> You are correct, though, that comments stating that Microsoft will be
> incapable of providing an appropriate service to the U.S. government are
> without merit -- provided that Microsoft selects Linux as the OS and minimizes
> the number of features and the amount of software they deploy, they surely are
> capable of providing a service that is comparable to any competitor in the
> marketplace. They're smart people. The problem is that these smart people are
> forced to haul around a stinking mess of insecure code in order to advance
> their corporate brand marketing interests every time they do a job. This is
> just plain harmful, and it has no place in government computing paid for by
> taxpayers.
>
> Sincerely,
>
> Jason Coombs
> [EMAIL PROTECTED]
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Brad Bemis
> Sent: Wednesday, July 16, 2003 6:22 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Full-Disclosure] Microsoft wins Homeland Security Bid (
> Reuters)
>
>
> I find it interesting that so many negative comments have been made about
> this.
>
> ...
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
