Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, February 17, 2005

Clarke rips Microsoft over security

Don’t expect Richard Clarke to rely on Microsoft Corp.‘s anti-virus or anti-spyware programs to protect his own computer.

“Given their record in the security area, I don’t know why anybody would buy from them,” the former White House cybersecurity and counterterrorism adviser said yesterday, when asked for his thoughts on Microsoft’s forthcoming line of security software.

The observation came during an impromptu interview on the sidelines of the RSA computer security conference in San Francisco, where Clarke took part in panel discussions with other experts in technological and national security.

The company plans to release an anti-virus product this year and introduce a new version of Internet Explorer this summer—about a year sooner than expected—to boost security.

He said he asked Microsoft last year to disclose the specific quality-assurance practices it was following in the pursuit of more-secure software code.  The idea, he said, would be for the software industry to collectively come up with a set of best practices for secure software development.

“There’s no fine involved, there’s no liability involved, but the marketplace is better informed, and the marketplace works better when it knows what’s going on,” Clarke said, drawing a round of applause from the crowd at San Francisco’s Moscone Center. 

“The market is demanding security now, and that hard work is going forward already,” said Amy Roberts, director of product management in Microsoft’s Security Business and Technology Unit, in the statement.

During a panel discussion on technology regulation, Rick White, a former Republican congressman from Washington state, agreed with Clarke that it would be good to establish visible standards by which companies could be judged in the marketplace.  “It’s just a question of how far you get the government involved.”  But on the subject of government involvement, White and Clarke disagreed, as illustrated by a related discussion of Internet service providers.

Posted on 02/17