[CLUE-Talk] Fwd: Air Force is putting pressure on software manufacturers to close security holes
Charlie Oriez
coriez at oriez.org
Tue Mar 12 02:56:04 MST 2002
Ran across this on another list. Thought you'd find it amusing, or
at least interesting. Red Hat should perhaps be talking to the
zoomies.
---------- Look what the cat dragged in: ----------
Subject: Air Force is putting pressure on software manufacturers to
close security holes
Date: Mon, 11 Mar 2002 13:30:20 -0500
From: Lillie Coney <lillie.coney at ACM.ORG>
To: USACM-INFO at ACM.ORG
Air Force seeks better security from Microsoft
By Byron Acohido, USA TODAY
SEATTLE - A top U.S. Air Force official has warned Microsoft to
dramatically improve the security of its software or risk losing the
Air Force as a customer. In an interview, Air Force chief
information officer John Gilligan revealed he has met with senior
Microsoft executives to tell them the Air Force is "raising the bar
on our level of expectation" for secure software.
Since being named Air Force CIO in November, Gilligan, who controls a
$6 billion-a-year technology budget, also has met with executives
from Cisco Systems and delivered a similar message at a handful of
industry forums. "We just can't afford the exposures, and so those
who give us better solutions, that's where we're going to put our
business," Gilligan says.
Gilligan, former Energy Department CIO, has discussed security most
often with executives at Microsoft. "They are the biggest supplier
to the Air Force, and my attempt has been to encourage them to set
an example," he says. Reacting to rising criticism from the Air
Force and others, Microsoft Chairman Bill Gates in mid-January
issued a directive making security the software giant's No. 1
priority.
Gates directed 7,000 programmers to spend February scouring the
Windows operating system for openings hackers might exploit to steal
data or shut down systems.
"This is what our customers expect and demand," says Steve Lipner,
Microsoft's director of security assurance. "Message received. We're
working night and day on security."
Two years ago, the Love Bug virus "ran rampant" through the Air
Force's e-mail system, which runs on Microsoft Exchange software,
says Michael Erbschloe, vice president of research at Computer
Economics and author of two books on computer security.
The Love Bug caused an estimated $8 billion in damages to computer
systems worldwide. Last year, the Code Red virus and Nimda worm,
designed to attack Microsoft Internet Information Server software,
wrought an estimated $5 billion in damages.
Experts now worry that a cyberattack could knock out power, water,
transportation and communication systems.
"The military and the government don't really have too much choice at
this point except to start to put pressure on Microsoft and others
to improve software security," Erbschloe says.
Gilligan blames software makers for historically delivering products
with "relatively low-level quality" under the assumption that
customers would tolerate fixes to come later.
Changing that pattern won't come easy, he says. "This is not a matter
of just one day issuing a policy within a company that says we're
going to now pay more attention to security," he says.
"There are going to have to be some very specific and significant
investments made in changing processes for the future."
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 507
1100 Seventeenth Street, NW
Washington, D.C. 20036-4632
202-659-9711
-------------------------------------------------------
--
Charles Oriez coriez at oriez.org
39 34' 34.4"N / 105 00' 06.3"W
**
You can't be a real country without a beer and an airline.
A football team and some nuclear weapons help, but at the
very least you need a beer - Frank Zappa