Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Perhaps it's time to regulate Microsoft as Critical Infrastructure?
From: Kurt Buff <kurt.buff () gmail com>
Date: Tue, 26 Jan 2010 17:26:01 -0800

On Mon, Jan 25, 2010 at 14:11,  <Valdis.Kletnieks () vt edu> wrote:
On Mon, 25 Jan 2010 20:03:03 -0200, Rafael Moraes said:
This is a subject that need to be discussed very carefully. I agree, It
should be "controlled", but, how far?

In particular, one must be *very* careful to not create unintended
consequences. For instance, in general the more regulated an industry is, the
more risk-adverse the companies get - both because regulation implies "don't
rock the boat" and the second-order effects of compliance paperwork and similar
issues.  Look at the mountains of paperwork needed to get the FAA to
type-certify a new airplane as airworthy - what if Microsoft had to do that
level of detail for Windows 8, the next release of Exchange, and the next
release of Office?

How do you make Microsoft "regulated" in any meaningful sense, and still allow
them the ability to ship an out-of-cycle patch?

That's one issue. There are others.

The real issue, though, is not "how to regulate MSFT". It's how to
level the playing field.

Best way I can think of to do that is to specify document formats, and
make them available to all. ODF may not be the right format, but it's
in the right direction. If government(s) were to specify that any
software they buy needs to read and write a particular set of formats,
with the specifications of those formats publicly available for no
more than the cost of copying them, and that they would only accept
documents in those formats, then anyone could build software that
meets those specifications.

Then you'd see a more competitive environment.

Kurt

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]