lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <AE46D0386422BF4FA18E1A9FB67161A004D08065@GOAEVS01.abf.ad.airborne.com>
From: Brad.Bemis at airborne.com (Brad Bemis)
Subject: Microsoft wins Homeland Security Bid (
 Reuters)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I find it interesting that so many negative comments have been made about
this.  

Throwing off the biases against Microsoft for past code-based
transgressions and the historical promulgation of insecure software, it is
not like Microsoft hasn't made a significant effort to revamp the security
of its more modern systems.  While they still have a long way to go over
the next 5 to 10 years, they have made several commitments to the
realization of their proposed trustworthy computing initiatives.  

I am by no means arguing that Microsoft systems are secure, but I would
like to point out that Windows 2000 and XP offer a myriad of security
enhancements that, given a COMPETENT installation by a KNOWLEDGEABLE system
administrator following DOCUMENTED practices for device hardening,
Microsoft products can actually provide a great deal of security (so long
as you can implement an effective patch management solution on top of your
host hardening procedures).  This progressive migration toward a more
secure operating platform is further evidenced by the "secure by design,
secure by default" shift in security philosophies centered around the
release of Windows 2003 Server.      

My point is that security is a process, not a product.  Microsoft is going
to work very hard with the DHS to provide a secure baseline that takes into
account the sensitivity of information associated with the defense of
critical infrastructure assets.  Comments stating that Microsoft will be
incapable of providing an appropriate service (or at least a service
comparable to any competitor in the marketplace) are biased and without
merit.    

Of course, this is probably the worst forum possible to make a statement of
this nature and I am sure I will be flamed repeatedly.


Thank you for your time and attention,

========================
Brad Bemis
========================
 

-----BEGIN PGP SIGNATURE-----

iQA/AwUBPxV7oJDnOfS48mrdEQJaYgCfU1TjrhwMxK20EVCqUoogEwc4qJ0AoOuZ
n/cZY6ZFy+MmTaP4C8Qtt/6n
=S/qm
-----END PGP SIGNATURE-----



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ