From a 2002/05/13 article by Caron Carlson in eweek.com:
http://www.eweek.com/article/0,3658,s%253D701%2526a%253D26875,00.asp
"A senior Microsoft Corp. executive [Jim Allchin] told a federal court
last week that sharing information with competitors could damage national
security and even threaten the U.S. war effort in Afghanistan. He later
acknowledged that some Microsoft code was so flawed it could not be safely
disclosed."
and later, directly quoting Allchin...
"Computers, including many running Windows operating systems, are used
throughout the United States Department of Defense and by the armed forces
of the United States in Afghanistan and elsewhere."
Microsoft proposes to withhold details of the MSMQ protocol (TCP port 1801
and UDP port 3527), the Windows File Protection API, as well as APIs for
anti-piracy protection and digital rights management under the security
carve-out.
I recall that the Windows NT family of operating systems was designed to
meet DOD's C2 security criteria, including the Orange Book (standalone,
which they passed), as well as Red Book (networking) and Blue Book
(subsystems) criteria which they started working on at least 4 years ago; I
don't know if they've yet passed, but I suspect not if it's so flawed that
they don't want to disclose the protocol or API! See
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnproasp2/html/windowsntsecuritysystems.asp
So, one risk of flawed software might be that you have to publicly invoke
national security (read patriotism) as a last refuge from legal process.
[Active Quality Software via risks-digest Volume 22, Issue 13]
19:09