Integrity at Stake
When a business outsources its technology infrastructure to a services company, the business's executives need to have a high level of trust in the outsourcing provider. When the services company is handling the security infrastructure of a business, the required level of trust is at its highest. Companies must trust, above all, that the provider has integrity, that it bases its decisions and actions solely on technological considerations, and that it is not a tool of influential industry players. Thus, it's our view that @Stake officials acted unwisely in firing the company's chief technology officer, Dan Geer, a highly respected security researcher with 30 years' experience in the field. The firing took place one day after a paper that Geer co-authored with several other prominent security experts was published. The paper finds fault in the excessive use of a single product family (the scientific term is monoculture) and blames it for the recent spike in security problems. In the case of the IT industry, the single product family is that of Microsoft.
A statement that a monoculture is vulnerable to attack is hardly controversial. Bruce Schneier, one of the paper's co-authors, told eWEEK security reporter Dennis Fisher that researchers have been saying this for a decade. In addition, Geer was clear the positions were his, not @Stake's. But Geer was fired right after the paper was published. Since Microsoft is a big customer of @Stake, it does not take a fertile imagination to guess that @Stake took action to please Microsoft.