Documents with embarrassing data could be revealed to partners or customers, analyst firm says Microsoft Corp. does not adequately address metadata management in its upcoming Windows Vista OS, posing risks that documents with potentially embarrassing data could inadvertently be revealed to customers or partners, Gartner Inc. warned in a report.In Vista, Microsoft uses metadata — the term for keywords or other data that describe documents — for faster file searches. Metadata can also help detail changes to a document as it is edited by different people.The report, released Wednesday and written by Gartner analysts Michael Silver and Neil MacDonald, encourages organizations planning to use Vista to develop metadata policies and look at third-party tools allow them to manage metadata more securely. The costs for an organization that mistakenly releases documents with sensitive metadata could be high, Gartner said. For example, a company might tag documents to identify high-value and low-value customers. Sending a document with the “low-value” tag still attached could damage a business relationship.Vista will have a tool for removing metadata, but is does not entirely resolve the issue, according to Gartner. To use the tool, a copy of the document is generated. Even if the metadata is removed in one document, a chance remains that the wrong document could be sent out, the report said. Additionally, the author must remember to use the tool.“With Microsoft’s increased emphasis on security and privacy, the issues in Windows Vista should have been addressed deep within the OS during development, not with a tool that requires users to remember to remove or not remove metadata as appropriate,” Silver and MacDonald wrote. Microsoft officials were not immediately available for comment early Friday.Microsoft’s Office 2003 software shows hidden metadata so that the author will see it, but the process for removing it is still manual, the report said. Office 12 will have a metadata removal tool, but it will differ from the Vista one and still have to be initiated by users.Gartner made several recommendations. Microsoft should incorporate digital rights management to control who views the metadata, and allow organizations to have a list of approved keywords to assign as metadata. Also, Exchange Server should be equipped to strip metadata in Vista or Office files any time a document is sent externally, the authors wrote. Absent those controls, “you must have a plan and policy for addressing metadata management before deploying Windows Vista,” they wrote. Software DevelopmentTechnology IndustrySmall and Medium Business