FRAMINGHAM (10/02/2003) - Another report on Microsoft made front-page news last week, once again raising credibility questions and controversy. This time, the story started out being about one thing -- a research report claiming that there are global security threats inherent in Microsoft's monopoly position in IT infrastructures -- but ended up being about quite another.
One of the report's seven authors (all of them respected security experts) was fired for taking part in this very public criticism of Microsoft Corp. Dan Geer, now the former CTO of security consultancy @stake Inc., became the focus of this suddenly more interesting and politicized story. Microsoft is one of @stake's major clients, you see, and Geer is way too smart not to have known what was, ahem, at stake when he signed his name to "CyberInsecurity: The Cost of Monopoly."
Publicly ticking off a major client while embarrassing your CEO is nobody's recipe for job longevity.
Yet in an interview with our reporter, Geer seemed to revel in the outcome. When asked why the group had chosen to launch the report from the anti-Microsoft Computer & Communications Industry Association, Geer called the move "an unqualified success." He said it became even more of a success "by adding the publicity engine of dissing me in the process. It was almost a gift." A gift for whom? I wonder. Not for the credibility of that report, which is a shame, because it makes many valid points about the security costs of Microsoft's dominance. But many of our readers told us that industry politics and the CCIA's bias undermined the impact of the 24-page report. Geer's firing played out more like a publicity stunt than a punishment for engaging in free speech -- although it clearly had some elements of that.
The bigger disappointment here was how little this expert treatise had to offer by way of recommendations for IT managers struggling to secure their enterprises. It laid a lump of blame on the federal government's doorstep (as if Uncle Sam will even blink), and another with the user companies that buy Microsoft's security-challenged products because they have little or no choice. But the only solutions were directed at the government, which has a lamentable record of getting Microsoft to do anything. For example, the feds were urged to "vigorously" force Microsoft to publish interface specifications for Windows and Office and to make nice with vendor consortia on development. Pretty tepid advice over which to risk your credibility.
* * *
On another credibility issue, I wrote about Forrester Research Inc.'s tainted Microsoft vs. Linux report in this space two weeks ago. A number of you applauded our new policy of requiring disclosure on the funding behind IT research reports. A few wondered why we weren't doing so all along.
I also heard from Forrester CEO George Colony, who agreed that the Microsoft sponsorship of the Linux report had compromised his firm's credibility. He responded by posting a new "integrity and objectivity" policy on www.forrester.com, in which he vows to no longer "accept projects that involve paid-for, publicized product comparisons."
Forrester will still conduct sponsored vendor research, Colony explained, but no one will have bragging rights about the results. "Every company has conflicts of interest that have to be managed," he said of the potential for vendor clients to influence the analysts advising user clients. "It's how you manage the conflict that matters."
Indeed. Your credibility can be, um, at stake.
Maryfran Johnson is editor in chief of Computerworld. You can contact her at email@example.com.