Anti-Microsoft Security Report Mired in Politics

Computerworld - WASHINGTON -- A report that might have been a valuable contribution to the study of the security ramifications of monolithic IT infrastructures has instead become a pawn in the unending political battle between pro- and anti-Microsoft factions. And it has cost one of the co-authors his job.
The controversy stems from a report released Sept. 24 by seven self-proclaimed independent researchers from the IT security industry that harshly criticized Microsoft Corp.'s monopoly hold on the software industry. That hold is a fundamental cause of security problems that now confront the global Internet community, the report contends.
The day after the report's release, co-author Dan Geer was fired from his job as chief technology officer at Cambridge, Mass.-based @stake Inc., a security company that derives a hefty percentage of its income from Microsoft. Moreover, the firing was made retroactive to Sept. 23 so that @stake could further distance itself from Geer and the report, sources close to the situation said.
An @stake official, who spoke on condition of anonymity, confirmed that Geer was fired and said that as a corporate officer he should have known that Microsoft was a client of the company. "It's not a matter of the content of the report; it's a matter of ethics and respect for clients," the official said.
Geer couldn't be reached for comment on Friday.
Chris Wysopal, @stake's director of research, said the company had no argument with the report's basic premise that technological diversity poses less of a security risk than monolithic architectures. "But the way the report is positioned and a lot of its conclusions are things we don't agree with. The report is a bit one-sided," he said.
In any case, the firing didn't go down well with other authors of the report.
"Its very sad that @stake fired him for this," said Bruce Schneier, a co-author and founder of Cupertino, Calif., security consultancy Counterpane Internet Security Inc. "We as security researchers regularly speak, write and do reports that express our professional opinions. We assume that companies hire us for our integrity and honesty."
The authors of the report "CyberInsecurity: The Cost of Monopoly. How the Dominance of Microsoft's Products Poses a Risk to Security" may have actually undermined their independence by teaming with the Computer & Communications Industry Association.
The CCIA is a Washington-based industry group whose members include direct Microsoft competitors such as Sun Microsystems Inc. and Oracle Corp., and it has supported the U.S. and European investigations into what the group has called "Microsoft's competitive abuses." The