Can Microsoft really make their products secure? I doubt it, and if they can, it won't be any time soon. Having dealt directly with their security developers, I was amazed at their lack of knowledge and awareness of security. They don't have the security mindset, it's never been a priority for them and it's not a part of their design process. Good secure code requires close attention from the very start, MS will have a tough time going backwards in the process of reviewing fifty million plus lines of code. Much of the code architecture just doesn't support security, and won't without a major redesign. Who, at MS is going do this code review? Ok, so they review the code, do you think they are really going to spend the millions it's going to take to "actually fix it"? Imagine the millions of users around the world having to upgrade all their MS products... not likely. The insurance companies that provide hacker insurance charge higher premiums if you use MS products, they know and can prove statistically that MS is a higher risk. It's going to take whole lot more than a new head on the MS security snake to actually bring about true security. I think its great that Gates has publicly announced the new security stance, but I'm afraid it's just the same old MS posturing... time will tell. B.Forestal

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/54/10380#10380