“The fact that the U.S. Department of Homeland Security awarded Microsoft Corp. a $90 million enterprise software deal two days after Bill Gates met with DHS Secretary Tom Ridge in Washington is more than sheer coincidence,” reports Dan Verton for Computerworld. “It’s now a major security headache for a mammoth new agency that security experts say lacks the wherewithal to have considered alternative sources for its software.”
Verton reports, “On June 25, Gates met with Ridge and other leaders on Capitol Hill. And on June 27, the DHS signed a contract with the company for server and desktop software for approximately 140,000 users. The DHS described the contract as a critical step in the department’s efforts to establish a common computing environment for its 22 formerly independent agencies. But with the discovery last week of a critical security flaw affecting nearly every version of the Windows operating system — including Windows Server 2003, the first product to be sold under Microsoft’s so-called Trustworthy Computing initiative — some security experts are warning that the DHS may have backed itself into a security quagmire.”
“‘They had a choice, but it would have been costly and time-consuming,’ said Roger Cressey, former chief of staff of the President’s Critical Infrastructure Protection Board. ‘The real alternative was to go open-source. But for 22 agencies, an overwhelming majority of which use nothing but Microsoft operating systems, to convert to another platform in an efficient and cost-effective manner would have been hard to accomplish,’ said Cressey. ‘DHS has neither the time, the money, nor the flexibility for that. Now it is held hostage to the imperfections of Microsoft code-writing,'” Verton reports.
Full artile here.
