From: Brad.Bemis at airborne.com (Brad Bemis)
Subject: Microsoft wins Homeland Security Bid (
 Reuters)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>That *shouldn't* be how security intensive situations work. Security
> > can *not* be an afterthought based on consumer analysis when going
> into a forum that is specifically security oriented. Security should
> have been built into the product from point of conceptualization.

You are absolutely right!  I will not argue this point at all.  The only
thing I will say is that product security is based on a process of
evolution.  My statement was intended to indicate that it is customer
demand that drives the speed of that evolution.  

> Microsoft should not win a security bid because it might give them
> "more incentive" to make a more secure product. If the product lacks
> security the product should not be considered for secure solutions:
> case closed. Thinking of this kind is only perpetuating the
> problem and disconnecting our community from the solution.

That is not the primary driver behind any of the statements made thus far. 
I am almost certain that this win for Microsoft will have very little to do
with the well-defined roadmap for security improvements that has already
been established.  This of course relates to the observation made above.  I
in no way intended for the comments made to be interpreted as support for
perpetuating a lack of security (in fact, my professional ethics would be
quite suspect if I did  ;-)

> The thought process you present here is akin to giving an ex convict
> a gun based on his word that he wont shoot you once he's got it. The
> convict must prove that he understands the capability and consequences
> of utilizing a weapon in a fashion that negates the fabric of 
> a society based on freedom and equality.

This is the point at which we digress from the topic at hand and find
ourselves casting unnecessary disparities.  If that is your interpretation
of the thought process presented than so be it.    


Thank you for your time and attention,

========================
Brad Bemis
========================






> -----Original Message-----
> From: northern snowfall [mailto:dbailey27@...ritech.net]
> Sent: Wednesday, July 16, 2003 12:29 PM
> To: Brad Bemis
> Cc: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Microsoft wins Homeland Security Bid (
> Reuters)
> 
> 
> >
> >
> >>I would hope and think that this would give Microsoft 
> >>more incentive to make their products more secure from 
> >>the begging.  I see this as possibly being a benefit to all of 
> >>us (hopefully).
> >>
> >
> >Agreed!  Customer demand is the only way that we as a community can
> >influence the evolution of inherent security controls, 
> whether the target
> >of discussion is Microsoft or any other product vendor.    
> >
> That *shouldn't* be how security intensive situations work. Security
> can *not* be an afterthought based on consumer analysis when going
> into a forum that is specifically security oriented. Security should
> have been built into the product from point of conceptualization.
> 
> Microsoft should not win a security bid because it might give them
> "more incentive" to make a more secure product. If the product lacks
> security the product should not be considered for secure solutions:
> case closed. Thinking of this kind is only perpetuating the
> problem and disconnecting our community from the solution.
> 
> The thought process you present here is akin to giving an ex convict
> a gun based on his word that he wont shoot you once he's got it. The
> convict must prove that he understands the capability and consequences
> of utilizing a weapon in a fashion that negates the fabric of 
> a society
> based on freedom and equality.
> 
> Don
> 
> http://www.7f.no-ip.com/~north_
> 
> 
> 
> 
> 

-----BEGIN PGP SIGNATURE-----

iQA/AwUBPxWcyJDnOfS48mrdEQJ4qACeI+eonUNhWAU4Ukea2bY6Rrw6774AoJn9
iV4XKMUY6733rFZ1zUtnVLsB
=Qj60
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists