Is Microsoft more secure than Open Source? - The French Military say 'Oui!'

Almost 4 years ago to the day, Bill Gates announced the Microsoft 'Trustworthy Computing Initiative' with its Four Pillars of Security:
Security
Privacy
Reliability
Business Integrity

At the time, I was working as Security Business Manager for a major Microsoft Partner and even we felt that Microsoft had received far to much of a kicking from the market over glaring security bloopers to ever be able to redeem itself as a 'Secure Platform' for business. However, I have to say that those crazy kids in Redmond really did step up to the plate. Every developer was re-educated in the art of secure coding and a stringent process of code review were put in place, to the extent that employees were financially rewarded for discovering security flaws in code and penalized for introducing them. Thats right. MS were determined to hit ctrl+alt+del on the recurring security headache and realizing that a shiny new logo and PR campaign wouldn't cut it, resolved to deal with the problem from the ground up.

These days, 2003 server arguably holds it's own with the best that the Linux and UNIX world has to throw at it from a security perspective and stays up pretty well too! And as far as the Desktop and Office suit is concerned, well XP's Security Center and corresponding website has played a crucial part in regaining users trust in the software giant.

What about Office? Remember all those problems with malicious macros that caused havoc in yester year? Well, according to a report on The Register®, the French MoD at least, think Microsoft have dealt with the problem better than most (or more specifically better than OpenOffice). Now no doubt OpenOffice.org will step up to the plate on this one and point out that being open source, the community can easily and quickly implement a fix to meet the requirements and critics will also point to the fact that over 24 flaws have been found and fixed in MS Office this year alone. However I can't help thinking that finding and fixing flaws before they bite you on the ass is exactly what a software company taking security problems seriously should be doing!

WatchGuard – Purchase by Francisco Partners. Insult or fair price for old rope?

Now I should confess up font that I'm a WatchGuard fan. I love the product! Why even now as I type this I feel strangely reassured by the red box, with it's familiar flashing lights sat in a rack in the corner of my office. And it's not just that I've had a long and meaningful relationship with the company ever since it first came over to the UK in 1997 (then of course it was Seattle Software Labs). It's also because WatchGuard DID something to the Firewall market. They took it to the SME's. Whilst Check Point were still fleecing the Blue Chips and Cisco PIX was still so complicated you needed a PhD and a working knowledge of voodoo just to turn the thing on, WatchGuard entered the market with it's cute red box, flashing lights and an interface that was so straight forward, even I could get one to work! Not only that, they were throwing them at the market for a fraction of the price of the competition. Lets face it folks WatchGuard owned the appliance firewall market and by the start of the millennium stock prices had climbed to $70+ .

Oh yes. Firewall appliances were where the market was at and WatchGuard was a furlong ahead of the pack. It's what happened next that was amazing. Absolutely nothing! The WatchGuard foot went firmly off the gas and amazingly seemed content to coasted along. Money was waisted on ill-conceived acquisitions (God help you if you ever bought a WatchGuard-RapidSteam unit!), and slowly but surely the SonicWalls and NetScreens of this world gradually caught up and then waved cheerfully at the snoozing WatchGuard as they trotted past. By the time WatchGuard resolved to make up ground with the development of the X-Class, (after the ill-received V-Class, which was basically a RapidStream with a paint-job) it had given away it's market edge in a way that was almost criminal.

So that brings us to todays news. And it is a pathetic culmination of poor management and weak product direction. Rumors of WatchGuard's sales have been banded around for quite a few months now and in May Vector Capital offered $5.10 per share. Ed Borey, CEO of WatchGuard who was appointed exactly two years ago (Hmmm....) sat on his hands until Vector reduced it's offer to $4.65 (perhaps having had first hand experience of dealing with 'thought leaders' at WatchGuard!) which sent the share price tumbling a staggering 48% (smooth Ed... Real smooth!). Today Borey accepts (subject to shareholder approval) an offer of $4.25 from Francisco Partners. Given that Borey was brought on with the specific remit to prepare the WatchGuard business for sale, one has to ask what on earth makes this an appropriate conclusion to his contract, for which he is rumored to be in line for a $3m pay-out.

Final thoughts:
I've spent a lot of time working with the WatchGuard product and some really dedicated people in the WatchGuard organization. This deal is an insult to both. Yes WatchGuard lost it's edge a while back, but a huge investment in ASIC technology and completely revised firmware has brought it back into contention over the past couple of years. I don't hold stock in WatchGuard (NASDAQ WGRD) but if I did, I would oppose this deal. Maybe Francisco is a good home for WatchGuard, after all they have some complementary products such as Barracuda & WebTrends. They also have a habit of cutting out the rot from senior management, which my contacts at WatchGuard would indicate is long over-due. However, the rumor is WatchGuard have $72m in the bank and revenues approximately totaling $77m for the past 12 months (based on Q2, 3, 4 results 2005 and Q1 results 2006) which makes this looks like a steal. I am definitely no market analyst, but in my heart I feel it's a sad day when the senior management of an organization put less value in their business than their staff and loyal supporters.

And so it begins!
This is an historic moment folk. My first blog entry! So why bother? Well for one I believe that the Blog-culture is a powerful, growing movement that captures the chaotic, anarchistic viral nature that has made the Internet a defining force of modern culture and secondly I LOVE the way Blogging gives every man, woman and child a voice. And a loud one at that! Everyday Joe's who before experience bad service can blog about it and hang a corporate giants big corporate dirty undies out on the virtual washing line for everyone to see. Think of what 'Dell Hell' on buzzmachine.com Did to the mighty Dell, or the PR nightmare that AT&T suffered when one of their consumers tried to cancel their subscription and posted a recording of the atrocious customer service they received. Yes my friends the worm has turned. The consumer is in control!
Over a beer with friends at the weekend, we were having a conversation about how our purchasing behavior has been completely redefined by the Internet. If you're anything like me (God help you!) you've probably handed over a fair amount of your hard-earned cash to a virtual shop assistant, in a virtual shop for, well virtually anything! From Pizzas (yes you can order Domino's online!) to cars, holidays, your weekly groceries.. frankly ANYTHING that a few years ago would have meant a hell of a lot of time trudging round various outlets, seeing who had stock of what and at what price, can all be done in a fraction of the time via the Internet. Personally, even if I'm going to make a purchase in a shop, chances are I'll Google it first and see what people have to say. And the opinions you (or at least I) trust the most are the ones that are offered by other consumers.
I guess if I have to put a line in the sand as to what the purpose of this blog is it is to reach-out to others interested in the Technology Market and in the effects of Consumer Generated Media. I'll also be using it as a vent for my ramblings on various technologies and gadgets :)
Here endith my first entry.