"There are volumes of people at Microsoft who are absolutely committed to security, and who take the massive task of securing Microsoft's suite of products quite seriously. But they are not en masse -- if they spoke as an authoritative body, then things would be better than they are today. ..."

You may have acquaintances and friends at Microsoft who really are committed to security, I don't doubt that, but the real philosophy at Microsoft towards security is manifested in the shrink wrapped boxes sitting on the shelves in stores all over the world; a consistently insecure product from one release to the next exhibiting obviously no effective commitment to security.

The remote access vulnerabilities discovered in the XP product when it was newly released are a demonstration of what many professionals already knew: Microsoft still isn't as concerned about security as they should be.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/69/11871#11871