[CLUE-Talk] Fwd: Air Force is putting pressure on software manufacturers to close security holes

Charlie Oriez coriez at oriez.org
Tue Mar 12 02:56:04 MST 2002


ran across this on another list.  thought you'd find it amusing, or 
at least interesting.  Red Hat should perhaps be talking to the 
zoomies.

----------  Look what the cat dragged in:  ----------
Subject: Air Force is putting pressure on software manufacturers to 
close security holes
Date: Mon, 11 Mar 2002 13:30:20 -0500
From: Lillie Coney <lillie.coney at ACM.ORG>
To: USACM-INFO at ACM.ORG


Air Force seeks better security from Microsoft
By Byron Acohido, USA TODAY

SEATTLE -- A top U.S. Air Force official has warned Microsoft to
 dramatically improve the security of its software or risk losing the
 Air Force as a customer. In an interview, Air Force chief
 information officer John Gilligan revealed he has met with senior
 Microsoft executives to tell them the Air Force is "raising the bar
 on our level of expectation" for secure software.

Since being named Air Force CIO in November, Gilligan, who controls a
 $6 billion-a-year technology budget, also has met with executives
 from Cisco Systems and delivered a similar message at a handful of
 industry forums. "We just can't afford the exposures, and so those
 who give us better solutions, that's where we're going to put our
 business," Gilligan says.

Gilligan, former Energy Department CIO, has discussed security most
 often with executives at Microsoft. "They are the biggest supplier
 to the Air Force, and my attempt has been to encourage them to set
 an example," he says. Reacting to rising criticism from the Air
 Force and others, Microsoft Chairman Bill Gates in mid-January
 issued a directive making security the software giant's No. 1
 priority.

Gates directed 7,000 programmers to spend February scouring the
 Windows operating system for openings hackers might exploit to steal
 data or shut down systems.

"This is what our customers expect and demand," says Steve Lipner,
 Microsoft's director of security assurance. "Message received. We're
 working night and day on security."

Two years ago, the Love Bug virus "ran rampant" through the Air
 Force's e-mail system, which runs on Microsoft Exchange software,
 says Michael Erbschloe, vice president of research at Computer
 Economics and author of two books on computer security.

The Love Bug caused an estimated $8 billion in damages to computer
 systems worldwide. Last year, the Code Red virus and Nimda worm,
 designed to attack Microsoft Internet Information Server software,
 wrought an estimated $5 billion in damages.

Experts now worry that a cyberattack could knock out power, water,
transportation and communication systems.

"The military and the government don't really have too much choice at
 this point except to start to put pressure on Microsoft and others
 to improve software security," Erbschloe says.

Gilligan blames software makers for historically delivering products
 with "relatively low-level quality" under the assumption that
 customers would tolerate fixes to come later.

Changing that pattern won't come easy, he says. "This is not a matter
 of just one day issuing a policy within a company that says we're
 going to now pay more attention to security," he says.

"There are going to have to be some very specific and significant
 investments made in changing processes for the future."

Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 507
1100 Seventeenth Street, NW
Washington, D.C. 20036-4632
202-659-9711

-------------------------------------------------------

-- 
Charles Oriez     coriez at oriez.org
39° 34' 34.4"N / 105° 00' 06.3"W
**
You can't be a real country without a beer and an airline.
A football team and some nuclear weapons help, but at the
very least you need a beer - Frank Zappa


