Anti-Microsoft Security Report Mired in Politics
@stake fires CTO for co-authoring document; impartiality of researchers, backers challenged
Computerworld - WASHINGTON -- A report that might have been a valuable contribution to the study of the security ramifications of monolithic IT infrastructures has instead become a pawn in the unending political battle between pro- and anti-Microsoft factions. And it has cost one of the co-authors his job.
The controversy stems from a report released Sept. 24 by seven self-proclaimed independent researchers from the IT security industry that harshly criticized Microsoft Corp.'s monopoly hold on the software industry. That hold is a fundamental cause of security problems that now confront the global Internet community, the report contends.
The day after the report's release, co-author Dan Geer was fired from his job as chief technology officer at Cambridge, Mass.-based @stake Inc., a security company that derives a hefty percentage of its income from Microsoft. Moreover, the firing was made retroactive to Sept. 23 so that @stake could further distance itself from Geer and the report, sources close to the situation said.
An @stake official, who spoke on condition of anonymity, confirmed that Geer was fired and said that as a corporate officer he should have known that Microsoft was a client of the company. "It's not a matter of the content of the report; it's a matter of ethics and respect for clients," the official said.
Geer couldn't be reached for comment on Friday.
Chris Wysopal, @stake's director of research, said the company had no argument with the report's basic premise that technological diversity poses less of a security risk than monolithic architectures. "But the way the report is positioned and a lot of its conclusions are things we don't agree with. The report is a bit one-sided," he said.
In any case, the firing didn't go down well with other authors of the report.
"Its very sad that @stake fired him for this," said Bruce Schneier, a co-author and founder of Cupertino, Calif., security consultancy Counterpane Internet Security Inc. "We as security researchers regularly speak, write and do reports that express our professional opinions. We assume that companies hire us for our integrity and honesty."
The authors of the report "CyberInsecurity: The Cost of Monopoly. How the Dominance of Microsoft's Products Poses a Risk to Security" may have actually undermined their independence by teaming with the Computer & Communications Industry Association.
The CCIA is a Washington-based industry group whose members include direct Microsoft competitors such as Sun Microsystems Inc. and Oracle Corp., and it has supported the U.S. and European investigations into what the group has called "Microsoft's competitive abuses." The CCIA not only published and publicized the report on
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!