[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <AE46D0386422BF4FA18E1A9FB67161A004D08065@GOAEVS01.abf.ad.airborne.com>
From: Brad.Bemis at airborne.com (Brad Bemis)
Subject: Microsoft wins Homeland Security Bid (
Reuters)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I find it interesting that so many negative comments have been made about
this.
Throwing off the biases against Microsoft for past code-based
transgressions and the historical promulgation of insecure software, it is
not like Microsoft hasn't made a significant effort to revamp the security
of its more modern systems. While they still have a long way to go over
the next 5 to 10 years, they have made several commitments to the
realization of their proposed trustworthy computing initiatives.
I am by no means arguing that Microsoft systems are secure, but I would
like to point out that Windows 2000 and XP offer a myriad of security
enhancements that, given a COMPETENT installation by a KNOWLEDGEABLE system
administrator following DOCUMENTED practices for device hardening,
Microsoft products can actually provide a great deal of security (so long
as you can implement an effective patch management solution on top of your
host hardening procedures). This progressive migration toward a more
secure operating platform is further evidenced by the "secure by design,
secure by default" shift in security philosophies centered around the
release of Windows 2003 Server.
My point is that security is a process, not a product. Microsoft is going
to work very hard with the DHS to provide a secure baseline that takes into
account the sensitivity of information associated with the defense of
critical infrastructure assets. Comments stating that Microsoft will be
incapable of providing an appropriate service (or at least a service
comparable to any competitor in the marketplace) are biased and without
merit.
Of course, this is probably the worst forum possible to make a statement of
this nature and I am sure I will be flamed repeatedly.
Thank you for your time and attention,
========================
Brad Bemis
========================
-----BEGIN PGP SIGNATURE-----
iQA/AwUBPxV7oJDnOfS48mrdEQJaYgCfU1TjrhwMxK20EVCqUoogEwc4qJ0AoOuZ
n/cZY6ZFy+MmTaP4C8Qtt/6n
=S/qm
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists