Contacting Us
Mike Tarrani
Linda Zarate
Kate Hartshorn

Who We Are
TEAM Zarate-Tarrani

Monday, February 18, 2002


Overcoming the Power Curve. I've been somewhat elusive lately. Busy actually. I spent a relaxing week in Hawaii the week before last, and my sisters treated me to a mini-cruise out of San Diego for my birthday. Between much-needed social activities and chipping away at a mountain of e-mail, I think I'm getting to the other side of the power curve.

On My Scope. I've been paying attention to the latest security events, most of which involve Microsoft in some way (no news there).

I've been following Richard Forno's articles in, among other sources, and it seems as though Microsoft cannot get out of its own way. One of the reasons I'm a Richard Forno fan is he's consistent and his news articles read like a series. Let's go back to November 2001 and read forward:

A wrap-up to the above is the news that Judge grants States access to Windows source by John Lettice, The Register dated 16 February 2002. See Richard Forno's comments in his Linux Security News article of 18 February 2002 titled, Message To Microsoft: Only The Truth Shall Set You Free.

The Point. The above is in the same spirit as Mike's 9 February 2002 entry here. Yes, Microsoft gets its share of the heat. In my opinion it's well deserved because social responsibility should be part of the price of being a convicted monopoly. At a time when security is of paramount concern I don't feel that shoddy products filled with reported vulnerabilities are an indication of social responsibility.

However, this isn't about social responsibility either. It's actually a lead-in to the first layer in the Tarrani-Zarate Model that we'll be discussing in subsequent entries. The foundation of that model is business imperatives, and in the next few days you'll see how infrastructure choices should be tied to that foundation instead of being an arbitrary technical decision. Therein lies the point to this entry: had IT been closely monitoring the industry and employing risk management practices, one of two things would have happened:

  1. Microsoft would have long ago been proactive about ensuring their products were not the security risks that have been widely reported.
  2. Microsoft would not have achieved the monopoly position it currently holds.

Points to ponder. It's also the springboard to Mike's next entry, which will introduce business imperatives.