Anti-Microsoft Security Report Mired in Politics
@stake fires CTO for co-authoring document; impartiality of researchers, backers challenged
Computerworld - WASHINGTON -- A report that might have been a valuable contribution to the study of the security ramifications of monolithic IT infrastructures has instead become a pawn in the unending political battle between pro- and anti-Microsoft factions. And it has cost one of the co-authors his job.
The controversy stems from a report released Sept. 24 by seven self-proclaimed independent researchers from the IT security industry that harshly criticized Microsoft Corp.'s monopoly hold on the software industry. That hold is a fundamental cause of security problems that now confront the global Internet community, the report contends.
The day after the report's release, co-author Dan Geer was fired from his job as chief technology officer at Cambridge, Mass.-based @stake Inc., a security company that derives a hefty percentage of its income from Microsoft. Moreover, the firing was made retroactive to Sept. 23 so that @stake could further distance itself from Geer and the report, sources close to the situation said.
An @stake official, who spoke on condition of anonymity, confirmed that Geer was fired and said that as a corporate officer he should have known that Microsoft was a client of the company. "It's not a matter of the content of the report; it's a matter of ethics and respect for clients," the official said.
Geer couldn't be reached for comment on Friday.
Chris Wysopal, @stake's director of research, said the company had no argument with the report's basic premise that technological diversity poses less of a security risk than monolithic architectures. "But the way the report is positioned and a lot of its conclusions are things we don't agree with. The report is a bit one-sided," he said.
In any case, the firing didn't go down well with other authors of the report.
"Its very sad that @stake fired him for this," said Bruce Schneier, a co-author and founder of Cupertino, Calif., security consultancy Counterpane Internet Security Inc. "We as security researchers regularly speak, write and do reports that express our professional opinions. We assume that companies hire us for our integrity and honesty."
The authors of the report "CyberInsecurity: The Cost of Monopoly. How the Dominance of Microsoft's Products Poses a Risk to Security" may have actually undermined their independence by teaming with the Computer & Communications Industry Association.
The CCIA is a Washington-based industry group whose members include direct Microsoft competitors such as Sun Microsystems Inc. and Oracle Corp., and it has supported the U.S. and European investigations into what the group has called "Microsoft's competitive abuses." The CCIA not only published and publicized the report on
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts