The chief technology officer of @stake, an IT security company with close ties to Microsoft, was reportedly sacked by his company just after he released a report critical of the Redmond, Washington-based software vendor.
Daniel Geer, also one of the founders of the company, is principal author of the paper “Cyberinsecurity: The Cost of Monopoly,” which was first made public at the Computers & Communications Industry Association’s 30th annual Washington Caucus on Wednesday.
The report asserted that Microsoft’s monopoly of most of the world’s computer operating systems creates a monoculture that leaves IT infrastructures critically vulnerable to attack. Therefore, it warned, antitrust is a security issue as well as an economic one.
“Microsoft’s attempts to tightly integrate myriad applications with its operating system have significantly contributed to excessive complexity and vulnerability,” Geer said. “The deterioration of security compounds when nearly all computers rely on a single operating system subject to the same vulnerabilities the world over.”
He added, “Ironically, Microsoft’s efforts to deny interoperability of Windows with legitimate non-Microsoft applications have created an environment in which Microsoft programs interoperate efficiently only with Internet viruses.”
Nothing Much from @stake
On Thursday, the day after the paper’s release, @stake issued a brief statement noting that, as of last Tuesday, Geer no longer is associated with the company.
“Although Dr. Geer announced that his CCIA-sponsored report was an independent research study, participation in and release of the report was not sanctioned by @stake, [and] the values and opinions of the report are not in line with @stake’s views,” the company said. “Any use of his title or current affiliation with @stake should be corrected.”
Will Rodger, director of public policy at the CCIA, told the E-Commerce Times that although he does not know what happened beyond what news publishers have reported, @stake’s action “bears all the hallmarks of revenge and makes us all wonder.”
Shooting the Messenger?
As Rodger put it: “Here is the founder of one of the most prominent security companies in the field, [who] is one of the most prominent security specialists in the field, issuing a report that has been the consensus for some time that the main threat [to IT infrastructures] is monoculture.
“Nothing Geer said was particularly radical,” Rodger added. “But what is news is that for the first time a group of really renowned researchers have gotten together to write a paper about dangers of monoculture [that tells] policy makers that they have got to do something about it.”
Crock of Garbage
Jim Hurley, vice president of security and privacy at Aberdeen Group, told the E-Commerce Times that the theory behind Geer’s paper puts forth a biological model that says a monoculture is more susceptible to infectious disease and mutations that can threaten the species as a whole.
However, Hurley said he does not accept this analogy.
“This model is a crock of garbage for the simpletons in the world who don’t want to deal with underlying technological problems….” he said. “It will only serve to cause further confusion.”
Watch the Access Policies
Instead, Hurley said, discretionary access control policies — which determine how security policy and security itself are implemented in everything from operating systems to routers and switches — are at the root of the design flaws that make systems vulnerable to attack. According to him, the fundamental security design in all of these products led to problems in maintaining security.
However, Hurley did note that although he knows only what is contained in published reports of Geer’s firing, one can infer that @stake is telling people it can be bought — which does not cast the company in a good light.
“Based on reports to date without substantive comments from @stake about Geer leaving, it doesn’t sound right,” Hurley said.
Dan Geer, a respected computer scientist, is fired because he publicizes the security risks inherent in computer monoculture. If THAT doesn’t convince you that Microsoft represents a dangerous and abusive monopoly, then you are beyond convincing.
@Stake is dead. When they fired Dr. Geer, they basically stuck a tube into the company and sucked out its collective brain. The executive masthead now includes a roster of obscure corporate lifers who have about the same level of credibility in the security industry as any random used car salesman. If Dr. Geer is going to sue, he’ll have to make it quick because this company is going to be stone cold dead – rotting, stinking, maggot-ridden black and blue dead – by the end of 2004. The investors might as well have just pointed a gun down the front of their pants and fired . . . and gone golfing with the precipitate. You figure Battery and Madison Dearborn would have had more smarts than this.
I have had the pleasure of working for Dan Geer. His integrity is unquestionable and his goals are always towards the betterment of society and mankind – and not the bottom line. He will have no problem finding work in any city he desires.