Microsoft, Open Source and Critical infrastructure security in Canada

It seems like it was yesterday I was writing about how Open Source software and standards are essential to critical infrastructure security. Now IT Business is reporting some progress with a surprising twist: Microsoft will partner in it and advise our government and others on IT threats, including viruses. Disturbing, to say the least.

Although one could argue that there can’t be another company more familiar with security problems and virus experience, it’s clear experience is not the only thing Microsoft would be bringing in.

Last year Public Safety and Emergency Preparedness Canada (PSEPC) published a report that suggested « increasing the adoption rate of alternative (non-Microsoft) software such as open source, licensing or certifying software professionals, and giving software product liability laws more teeth as ways to reduce the risk of CII disasters. »

Now the director of critical infrastructure policy in PSEPC explains « the report was done to provoke discussion but it is not government policy. »


An interesting quote from the article:

Microsoft’s involvement may be an attempt to stem the tide of governments that are giving open source more than a passing glance.

I can already imagine a security meeting where Microsoft is advising governments to install Windows XP service pack 2, including the « latest IE and Outlook security updates », as well as a list of server products to conveniently manage it all. I hope the Mozilla Foundation gets an invitation. Or perhaps I’ll invite myself! 🙂

Sounds familiar ?