From: Gordon Housworth <[EMAIL PROTECTED]>
To: "'Declan McCullagh'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: RE: [Politech] Dan Geer loses CTO job at AtStake after criticizin
g Microsoft
Date: Fri, 26 Sep 2003 09:45:46 -0400Declan
+++ Dan is a careful security professional, a good guy...
I've no doubt of that. I certainly have tracked commentary from Bruce Schneier and, to a lesser degree, Dan Geer and found their opinions to be sound.
Yes, I agree with the summary of their findings as reported in the press. While the monoculture infection concept may be new to IT, it is an old one in areas of biodiversity such as agricultural crops. Similar kinds of warnings have been raised over genetic reduction of food crop seed stocks, so far to no apparent avail.
Yes, my firm will continue to use Microsoft SW armored up with security updates, current virus protection, and firewalls. I long for a better world but I do not see Redmond's detractors offering an acceptable one today.
That said, what a reckless fellow to so endanger his firm by not seeking their prior approval to commence the work, and permitting internal peer review of the findings prior to release, et al. What was he thinking would happen? Another rendering of "Mr. Smith Goes to Washington"? Having scanned the news items on this matter before replying, I am struck by a lack of common sense apart from technical brilliance on Geer's part. Context is often as crucial as the message itself. Whatever the technical merits of the findings, the impact was far greater as it was released by avowed competitors to his employer's key customer. Given Geer's central role as CTO, his firm was placed in a binary position to either support or disavow.
Our consultancy does much work in supply chain analysis and if we were to author expos�s of client performance, we would be shown the door and would not likely gain entries into others. I like to say that, 'Expiation is good for the soul but scant value to the pocketbook.' Mark me as you will, but unless I was willing to risk a substantial -- and not immediately replaceable -- portion of my firm's revenue stream, I would have done just as his employer has done.
I wish Geer well, perhaps in a neutral think tank such as Cert, where he can continue his investigations and help produce better applications for us all.
Regards, Gordon Housworth Intellectual Capital Group LLC 26775 Crestwood Franklin, MI 48025 +1 248.626.1310 [EMAIL PROTECTED] http://www.icgpartners.com _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
