Integrity at Stake | eWeek

Integrity at Stake

Écrit par
eWEEK EDITORS
eWEEK EDITORS
Oct 13, 2003
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

When a business outsources its technology infrastructure to a services company, the businesss executives need to have a high level of trust in the outsourcing provider. When the services company is handling the security infrastructure of a business, the required level of trust is at its highest. Companies must trust, above all, that the provider has integrity, that it bases its decisions and actions solely on technological considerations, and that it is not a tool of influential industry players.

Thus, its our view that @Stake officials acted unwisely in firing the companys chief technology officer, Dan Geer, a highly respected security researcher with 30 years experience in the field. The firing took place one day after a paper that Geer co-authored with several other prominent security experts was published. The paper finds fault in the excessive use of a single product family—the scientific term is monoculture—and blames it for the recent spike in security problems. In the case of the IT industry, the single product family is that of Microsoft.

A statement that a monoculture is vulnerable to attack is hardly controversial. Bruce Schneier, one of the papers co-authors, told eWEEK security reporter Dennis Fisher that researchers have been saying this for a decade. In addition, Geer was clear the positions were his, not @Stakes. But Geer was fired right after the paper was published. Since Microsoft is a big customer of @Stake, it does not take a fertile imagination to guess that @Stake took action to please Microsoft.

Companies take all kinds of actions to appease big clients or to maintain good relations with key industry partners. But while this may be business as usual for many companies, security companies and their customers would be better served by a higher standard. Customers need to know that actions are being taken for sound technological reasons, based on what works and what doesnt, with the customer, above all, in mind.

Unfortunately for @Stake, customers may now wonder if its consultants make decisions based on the influence of @Stakes partners and clients or based on objective judgments. If an @Stake representative says its OK to use a certain system in a specific configuration, is that statement based on technological honesty, or is it because the product is an important one for an @Stake client?

Whether or not doubts are justified, once a doubt appears, companies will wonder if they might be better off with another security company that has more clearly demonstrated its integrity in the face of industry influence.

If patients suspect that a doctor is prescribing medication not because patients need it but to maintain a good relationship with a drug company, that doctors practice would justifiably suffer. In IT security, the same principle should apply: The burden of proof is on those whose livelihood depends on the trust of others.

Send your comments to eWEEK@ziffdavis.com.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.