It is now clear that the U.S. Department of Homeland Security need rely on no-one to advise them on computer security risks to the homeland. The binary choice of Microsoft as either a) good or b) bad, has now become a unary choice of a) good. At least, by all gainfully employed security experts [1].
So, why waste the taxpayer's money in asking anyone?
This may make USG purchasing decisions easy, but the expulsion of Dan Geer was rather ham fisted, and will haunt Microsoft in the private sector for some time.
IBM used to pull this trick, back in the good old days of pre-net (I'm talking the 70's and 80's here...). Then, if you went up against the IBM purchasing decision, you knew your job was on the line.
Everyone in the industry knew what "nobody ever got fired..." meant. It didn't only mean that your job was safe if you bought IBM, it also meant that you could be receiving your pink slip for challenging the decision.
Thankfully, those days are long gone, and IBM has real competitors to protect each and every purchasing IT decision maker against the manipulations of a dominating provider. Yet, Microsoft seems to have blundered into this situation without realising the dangers. It has handed its compeititors a no-risk sales argument, as they will never let anyone forget that Microsoft wields immense power - distorting, damaging, and blind power that can do as much harm to the purchaser as it can do good.
Not to mention AtStake, who will probably sink into the mire of the old party game: "remember AtStake?" What on earth are people going to say when they hear that AtStake has been hired to work on securing the next generation of Aegis cruisers or the new Total Awareness Solution?
"Oh, we'll be safe until someone gets fired..."
"At least anyone who's fired can get a job with El Qaeda..."
The good news is that if they do go down, at least the employees will have the added benefit of being fired by @Stake.
I wonder how long it will be before people have forgotten the true pedigree of the phrase "nobody ever got fired for buying IBM?"
[1] These links have been posted on the cryptography archives:
bostonherald
ecommercetimes
mgnetwork
http://www.enhyper.com/cgi-bin/jump.cgi?ID=1167
And here's the report they wrote.
Posted by: Graeme Burnett at September 29, 2003 03:20 AMHaving read the report, I believe Microsoft guilty of two errors. They might instead have simply issued their own report, liberally plagiarising from Bastiat's _Petition_
http://bastiat.org/en/petition.html
Posted by: Ian Grigg at September 29, 2003 11:22 PM