[Am-info] Feds Bypass Procurement Procedures To Buy More Secure Systems
Fred A. Miller
fmiller@lightlink.com
Sun, 16 Feb 2003 23:23:40 -0500
Makes ya wanna puke......"because of the security of Windows Server 2003."
Fred
Feds Bypass Procurement Procedures To Buy More Secure Systems
(4 February 2003)
The final draft of the National Strategy to Secure Cyberspace suggests
that federal agencies will be able to purchase secure software outside
of normal procurement procedures. Microsoft's Susan Koehler claims
some agencies are already getting special approval to bypass the
purchasing process "because of the security of Windows Server 2003."
http://www.eweek.com/article2/0,3959,864577,00.asp
[Editor's Note (Paller): Procurement facilitation for more secure
systems can be an element of a powerful strategic initiative that
uses federal procurement to encourage vendors to deliver safely
configured software. However, it would be dangerous for agencies
to use this new flexibility to buy software simply because it
is approved under the Common Criteria. Common Criteria-approved
systems are often dangerously vulnerable, unless they are delivered
with installation scripts that comply with secure configuration
benchmarks - such as those published by the NSA and the Center
for Internet Security. Contracting officers who believe vendors'
claims that Common Criteria certification implies effective security,
may regret their decision when a worm like Slammer takes over their
systems and brings down their networks.]
--
If you listen on a quiet nite, you can hear
the sound of a Windows 2000 Server reboot.