Microsoft's New Security Road Map

Dom · Sep 16, 2003, 02:08 AM

With all of the attacks on Microsoft (Nasdaq: MSFT) software the past few months, it is increasingly hard to chalk it up to the fact that Microsoft products are the most widely used in the industry, and are therefore the prime target for black hatters. Are Microsoft's coding practices and product-development teams just not as attuned to security as they should be?

If they have not been in the past, they will be if Microsoft's new security road map is successful. Besides changing new software that already is written -- to batten down the hatches when it comes to default features -- Microsoft also is trying to plug holes in legacy products. But to do that requires the cooperation of its customers, and patching can be a tough sell. Is Microsoft doing enough to secure its software? Industry experts are not so sure.

New Unit

In the short term, Microsoft is resigned to the fact that all software is going to have security flaws. But the company is taking steps to try to stymie attackers. It has changed its organizational structure to create a security business unit and has retrained developers in security best practices.

The Security Business Unit is responsible for training developers to write secure code, creating and enforcing security goals for Windows product groups, and developing security best practices. In 2002, the software giant stopped development for two and a half months to educate more than 9,000 of its employees in writing more secure code. In the last 18 months, Microsoft retrained 18,000 developers, instituted an array of new, more secure development practices, and provided its developers with enhanced tools.

Read More...

black_out · Sep 19, 2003, 08:24 AM

Big words from our friends at Redmond again.

Their software is holier than the pope!

I have yet to see Microsoft + Security + success all in one sentence. They've been promising this for a looong time now -- we've been awaiting for the solution but end up getting the punch line instead.

Sep 16, 2003, 02:08 AM	#1
Dom DriverHeaven Extreme Member Join Date: Jun 2002 Posts: 12,940 Rep Power: 0	Microsoft's New Security Road Map With all of the attacks on Microsoft (Nasdaq: MSFT) software the past few months, it is increasingly hard to chalk it up to the fact that Microsoft products are the most widely used in the industry, and are therefore the prime target for black hatters. Are Microsoft's coding practices and product-development teams just not as attuned to security as they should be? If they have not been in the past, they will be if Microsoft's new security road map is successful. Besides changing new software that already is written -- to batten down the hatches when it comes to default features -- Microsoft also is trying to plug holes in legacy products. But to do that requires the cooperation of its customers, and patching can be a tough sell. Is Microsoft doing enough to secure its software? Industry experts are not so sure. New Unit In the short term, Microsoft is resigned to the fact that all software is going to have security flaws. But the company is taking steps to try to stymie attackers. It has changed its organizational structure to create a security business unit and has retrained developers in security best practices. The Security Business Unit is responsible for training developers to write secure code, creating and enforcing security goals for Windows product groups, and developing security best practices. In 2002, the software giant stopped development for two and a half months to educate more than 9,000 of its employees in writing more secure code. In the last 18 months, Microsoft retrained 18,000 developers, instituted an array of new, more secure development practices, and provided its developers with enhanced tools. Read More...

Sep 19, 2003, 08:24 AM	#2
black_out DriverHeaven Junior Member Join Date: Aug 2003 Posts: 24 Rep Power: 0	Big words from our friends at Redmond again. Their software is holier than the pope! I have yet to see Microsoft + Security + success all in one sentence. They've been promising this for a looong time now -- we've been awaiting for the solution but end up getting the punch line instead. __________________ Shop SMART........shop S-MART......YA GOT THAT?!! -Ash from Army of Darkness