Re: Microsoft's new Windows security initiatives

From: Aron Roberts <aron_at_socrates.berkeley.edu>
Date: Thu Oct 09 2003 - 16:37:05 PDT

At 16:10 -0700 2003-10-09, Ross Dmochowski wrote:
>On Thu, 2003-10-09 at 15:59, Aron Roberts wrote:
>> Earlier today, Microsoft announced a far-reaching set of Windows
>> security initiatives, as summarized in the company's press release at
>>
>><http://www.microsoft.com/presspass/press/2003/oct03/10-09SecurityInvestmentspr.asp>.
>
>As others have astutely pointed out,
>
>On Thursday 09 October 2003 13:50, Dehner, Benjamin T. wrote:
>> What is interesting in this article is what Balmer does NOT say.
>> Specifically:
>> -- code auditing to prevent security problems
>> -- Q/A testing of software to detect bugs
>> -- testing of patches to prevent patch interaction and over-write
>> issues
> > -- third party security testing

   True, but that's not news. The new Windows security initiatives
introduced by Microsoft's Steve Ballmer today were not intended to
address that category of issues. Rather, issues concerning code
quality are instead encompassed within Microsoft's approximately
one-year-old "Trustworthy Computing" initiative.

   This initiative includes changes in the company's software
development, testing, and product management practices, all of which
are aimed at code quality improvements -- and, as an obvious
corollary, at reducing the number and severity of bugs in Microsoft's
products, including those resulting in security vulnerabilities.

   A recent article provides a fascinating -- albeit brief -- real
world look at changes in Microsoft's software development process
that have so far resulted from the Trustworthy Computing initiative:

   Bill Breen
   "Can Microsoft Finally Kill All The Bugs?"
   Fast Company, October 2003
   http://www.fastcompany.com/magazine/75/microsoft.html

Aron Roberts
Workstation Software Support Group

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
Received on Thu Oct 9 16:39:19 2003

This archive was generated by hypermail 2.1.8 : Thu Oct 09 2003 - 16:39:19 PDT