Richard Clarke

Richard Clarke is back in the news. This time taking shots at Microsoft on security issues:
"Given their record in the security area, I don't know why anybody would buy from them," the former White House cybersecurity and counterterrorism adviser said yesterday, when asked for his thoughts on Microsoft's forthcoming line of security software. ... He said he asked Microsoft last year to disclose the specific quality-assurance practices it was following in the pursuit of more-secure software code. The idea, he said, would be for the software industry to collectively come up with a set of best practices for secure software development. Outside experts would then be able to judge how well each company lives up to those practices. "There's no fine involved, there's no liability involved, but the marketplace is better informed, and the marketplace works better when it knows what's going on," Clarke said, drawing a round of applause from the crowd at San Francisco's Moscone Center. Panelists compared the concept to the effort to hold public companies to standards for financial reporting under the Sarbanes-Oxley Act.
Now the guy after the guy who quit in protest (and went to work for Microsoft) after the guy who quit in protest after Clarke quit in protest at DHS is calling our national digital security... baaad:
The overall security of computer systems inside the largest U.S. government agencies improved marginally since last year but still merits only a D-plus on the latest progress report from Congress. The departments of Transportation, Justice and the Interior made remarkable improvements, according to the rankings, which were compiled by the House Government Reform Committee and based on reports from each agency's inspector general. But seven of the 24 largest agencies received failing grades, including the departments of Energy and Homeland Security. The Homeland Security Department encompasses dozens of agencies and offices previously elsewhere in government but also includes the National Cyber Security Division, responsible for improving the security of the country's computer networks. AP via Security Focus
I guess the witch hunts at the DOE haven't actually improved security. Surprise!