Full Disclosure mailing list archives

RE: Microsoft wins Homeland Security Bid ( Reuters)


From: "Brad Bemis" <Brad.Bemis () airborne com>
Date: Wed, 16 Jul 2003 11:43:20 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

That *shouldn't* be how security intensive situations work. Security
can *not* be an afterthought based on consumer analysis when going
into a forum that is specifically security oriented. Security should
have been built into the product from point of conceptualization.

You are absolutely right!  I will not argue this point at all.  The only
thing I will say is that product security is based on a process of
evolution.  My statement was intended to indicate that it is customer
demand that drives the speed of that evolution.  

Microsoft should not win a security bid because it might give them
"more incentive" to make a more secure product. If the product lacks
security the product should not be considered for secure solutions:
case closed. Thinking of this kind is only perpetuating the
problem and disconnecting our community from the solution.

That is not the primary driver behind any of the statements made thus far. 
I am almost certain that this win for Microsoft will have very little to do
with the well-defined roadmap for security improvements that has already
been established.  This of course relates to the observation made above.  I
in no way intended for the comments made to be interpreted as support for
perpetuating a lack of security (in fact, my professional ethics would be
quite suspect if I did  ;-)

The thought process you present here is akin to giving an ex convict
a gun based on his word that he won't shoot you once he's got it. The
convict must prove that he understands the capability and consequences
of utilizing a weapon in a fashion that negates the fabric of 
a society based on freedom and equality.

This is the point at which we digress from the topic at hand and find
ourselves casting unnecessary disparities.  If that is your interpretation
of the thought process presented then so be it.


Thank you for your time and attention,

========================
Brad Bemis
========================






-----Original Message-----
From: northern snowfall [mailto:dbailey27 () ameritech net]
Sent: Wednesday, July 16, 2003 12:29 PM
To: Brad Bemis
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Microsoft wins Homeland Security Bid (
Reuters)




I would hope and think that this would give Microsoft 
more incentive to make their products more secure from 
the beginning.  I see this as possibly being a benefit to all of 
us (hopefully).


Agreed!  Customer demand is the only way that we as a community can
influence the evolution of inherent security controls, whether the target
of discussion is Microsoft or any other product vendor.

That *shouldn't* be how security intensive situations work. Security
can *not* be an afterthought based on consumer analysis when going
into a forum that is specifically security oriented. Security should
have been built into the product from point of conceptualization.

Microsoft should not win a security bid because it might give them
"more incentive" to make a more secure product. If the product lacks
security the product should not be considered for secure solutions:
case closed. Thinking of this kind is only perpetuating the
problem and disconnecting our community from the solution.

The thought process you present here is akin to giving an ex convict
a gun based on his word that he won't shoot you once he's got it. The
convict must prove that he understands the capability and consequences
of utilizing a weapon in a fashion that negates the fabric of a society
based on freedom and equality.

Don

http://www.7f.no-ip.com/~north_






-----BEGIN PGP SIGNATURE-----

iQA/AwUBPxWcyJDnOfS48mrdEQJ4qACeI+eonUNhWAU4Ukea2bY6Rrw6774AoJn9
iV4XKMUY6733rFZ1zUtnVLsB
=Qj60
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

