December 09, 2005

Dan Geer's Penetrating Remarks

Hon. Marc R. Pacheco
Massachusetts Senate
State House, Room 312-B
Boston, Mass. 02133

re: OpenDocument Standards

Dear Sen. Pacheco,

My name is Dan Geer. I am one of the half dozen ranking world experts in matters of computer security. By virtue of a long career both in academia (MIT and Harvard) and the private sector (six times an entrepreneur), there is absolutely no one in the State House who is not using software that I had a hand in producing, including yourself. I am a trusted advisor to the Federal Trade Commission, the Departments of Justice and Treasury, the National Academy of Sciences, the National Science Foundation, the US Secret Service, and the Department of Homeland Security. I am a Board member for a number of promising startups and their funding sources, have forty-two refereed publications, books and book chapters, four patents, over two hundred fifty invited presentations twenty percent of which were keynotes, and have been five times before the US Congress -- twice as lead witness. I have taught ten thousand students in the aggregate.

As an Officer of the Commonwealth, you understand the monopoly power of Microsoft quite well as the Commonwealth was the last man standing in the most recent round of antitrust litigation. What perhaps you did not grasp is the degree to which a computing monoculture is a security risk of the highest sort. It is, and I and others in the security research community are on record in unassailable ways that a computing monoculture is a hazard, but that it is an avoidable hazard if you want it to be. Microsoft maintains its power through user-level lock-in, as the Commonwealth noted and which it so adequately opposed. So long as that lock-in persists, there will be no solution to the monoculture risk. That lock-in is centered on and wholly confabulated with the use of proprietary formats for all documents produced by the Office Suite. Therefore, as a matter of logic and logic alone, if you care about the security of the Commonwealth then you must care about the risk of a computing monoculture. If you care about the risk of a computing monoculture, then you must care about barriers to computing diversification. If you care about barriers to computing diversification, then you must care about user-level lock-in. If you care about user-level lock-in, then you must apply yourself to the task of breaking the proprietary format stranglehold on the Commonwealth.

Fortunately, that has already begun. The Enterprise Technical Reference Model and its call for Open Document standards is precisely what is needed and it is not a moment too soon. As a ranking security professional with a doctorate in statistics, I can provide any amount of technical, quantitative proof that Open Documents are the point of maximum leverage and that the risk of remaining as we are exceeds any non-specialist's understanding including, with respect, yours. Warning times before attacks take place have fallen to zero. There is a new Windows virus every four hours. Perhaps 15% of all desktop Windows computers are running malware of some sort and I'll bet you $100 that includes your office. There is a direct and demonstrable correlation between increasing complexity of the Windows system and the effectiveness of attacks. Jurisdictional boundaries are meaningless if not undetectable in an always-on, fully-networked world. And as you almost surely know, your opponents are no longer misanthropic isolates but are instead professionals. So long as the Commonwealth voluntarily allows itself to be locked-in by the proprietary document formats of a proven monopoly, the Commonwealth cannot diversify and therefore the Commonwealth cannot mitigate its risk in any but the most marginal and palliative ways.

I am ready to vigorously debate these points with any and all comers both privately and in any venue. This is, in other words, a matter on which I actually do stake my professional reputation, my fortune, and my sacred honor. How may I be of assistance?

Very truly yours,

Daniel E. Geer, Jr., Sc.D.

P.S. I have blind relatives and if genetics is any guide may have that in my future. My comments still stand.

4 Comments:

At 4:29 PM, Blogger pedro velasquez said...

We often hear that businesses risk their corporate reputations if they don't have adequate security. It's been a common refrain among those selling security technologies: protect your data or suffer the reputational consequences. But, as Larry Walsh points out, the evidence is against this notion. Even companies that have suffered major security breaches — TJX, Hannaford, etc. — have suffered little lasting damage to their reputation. So, does this mean that reputational concerns are simply bunk?

 
At 11:17 AM, Blogger pedro velasquez said...

Dan Geer is a computer security analyst and risk management specialist. He is recognized for raising awareness of critical computer and network security issues before the risks were widely understood, and for ground-breaking work on the economics of security.
Geer is currently the chief information security officer for In-Q-Tel, a not-for-profit venture capital firm that invests in technology to support the Central Intelligence Agency. In 2003, Geer's 24-page report entitled "CyberInsecurity: The Cost of Monopoly" was released by the Computer and Communications Industry Association (CCIA). The paper argued that Microsoft's dominance of desktop computer operating systems is a threat to national security. Geer was fired (from consultancy @Stake) the day the report was made public. Geer has cited subsequent changes in the Vista operating system (notably a location-randomization feature) as evidence that Microsoft "accepted the paper." Geer received a Bachelor of Science in Electrical Engineering and Computer Science from MIT, where he was a member of the Theta Deuteron charge of Theta Delta Chi fraternity. He also received a Ph.D. in biostatistics from Harvard, and has worked for:
Health Sciences Computing Facility, Harvard School of Public Health

 