[Am-info] Air Force Has A Mission For Microsoft

Fred A. Miller fm@cupserv.org
Fri, 15 Mar 2002 13:23:05 -0500 

Air Force Has A Mission For Microsoft

As if Microsoft didn't have enough trouble with the government. 
Now an Air Force CIO is taking the vendor--and its competitors, 
too--to task, saying they need to step up their efforts to 
establish improved security standards. 
 
Coding errors in commercially developed software account for 
roughly 80% of successful system intrusions, says Air Force CIO 
John Gilligan. And hacks today may be aimed at causing more than 
bottom-line damage. "This is no longer an economic issue. This is 
clearly a national-security issue," Gilligan says. The cost and 
energy the Air Force is expending on dealing with coding flaws 
that are found almost every day, and which could create 
opportunities for hackers, is taking its toll. It's "rising very 
fast--approaching the point where we're spending more money to 
find, patch, and fix vulnerabilities than we paid for the 
software," he says.
 
Microsoft doesn't necessarily have worse design problems than 
other vendors the Air Force buys products from, such as Cisco 
Systems and Oracle, but it's the largest IT supplier for the Air 
Force. So it has "the opportunity to show leadership in the 
industry," Gilligan says. Microsoft has helped set the right tone 
with chairman Bill Gates' internal memo advocating "trustworthy 
computing, [but] the key will be, what's the follow through?"
 
Gilligan met last fall with Microsoft execs Rick Belluzzo and 
Howard Schmidt (now vice chairman of the federal Critical 
Infrastructure Protection Board) to discuss mounting security 
problems. The Air Force has instituted more rapid processes for 
patching, but it's no easy task to manage 400,000 desktops 
running Microsoft software. "We're not leaving Microsoft in a 
week or six months," Gilligan says. But if the company doesn't 
improve, the Air Force, with roughly a $6 billion IT budget, will 
weigh other software options, he says. "Even though Microsoft may 
have good functionality in products and the purchase price may be 
reasonable, the overall life-cycle cost and vulnerability may 
cause us to look at other products." - Sandra Swanson

Search for secure computing
Software's Challenge
http://update.informationweek.com/cgi-bin4/flo?y=eGOg0Bce7K0V20BVpd0Aa

-- 
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
---KMail 1.3.2--- SuSE Linux v7.3 Pro---