Microsoft security

ecksor

Once again harking back to that secure programming thread, what do people think of Microsoft's recent secure programming initiative?

In particular:

(1) - What effect do you see it having on the industry at large?
(2) - Will it influence your decision to buy or not buy Microsoft software in the short or long term?
(3) - Do you think they are going about it the right way?

I'm mainly asking because personally I think they are making moves in the right direction, and yet they seem to be getting a lot of flak for it from the public at large ...

dahamsta

I think it's really too early to try and answer those questions, so I'm not even going to attempt to. Personally, I think it's fantastic what they're doing if it's not just blarney, and I'm a long way off being convinced of that. Microsoft are as much a marketing company as a software development company (many would argue that they're far better at the former than the latter), and I think it's only fair that people take this kind of stuff with a pinch of salt. Microsoft is a convicted antitrust abuser, so I don't think anyone should be made to feel guilty for having doubts about their apparent "discovery" of security.

And to be fair, they're not getting as much flak as usual. Schneier has been surprisingly upbeat about it for a start, and a lot of the OSS diehards aren't being as vociferous as usual. Perhaps this time they really are telling the truth, perhaps this time Microsoft is on the right path, but it'll take a while more to convince me, and most people like me. A good long while. And I'll probably be fully integrated into the OSS collective by then anyway...

On a related note, I have to say that one of the things that I found pretty funny at the time of Gates' Message to the Microsoft Massive (it was as much unintentionally leaked as Bertie's recent "internal memo" on broadband) was Gates' obviously intentional capitalisation of "Trustworthy Computing". You just knew when you were reading it that it was going to be the catchphrase of the month. Isn't amazing how easily the media are suckered in?

adam

ecksor

Well, they seem to be getting some undeserved flak for it. Yeah, they're getting some kudos for it, albeit everyone is basically saying "we'll believe it when we see it". That's basically my opinion too, after all the measure of quality assurance is the actual quality of the software, not the hoopla or effort associated with it, but I do think they're going about things the right way.

BTW, I think that Trustworthy Computing is as good a catchphrase as any, after all the aim is to produce software that works as advertised without failing in odd and unpleasant ways ...

dahamsta

Well, they seem to be getting some undeserved flak for it.

True, but it's probable that most of the people giving flak are either: a) people who've been burned by Microsoft, in which case they have a god-given right not to believe them (remember, convicted); or b) people who diss Microsoft just for the sake of it, and they don't really matter to anyone. The people that are dangerous are the ones likes ESR, who people tend to believe no matter what garbage comes out of whatever orifice he's using on the day. Schneier seems to be a good example of someone (who matters) firmly in the middle, and I reckon that's the best place to be right now. I think the best stance to take is, "Good, you're saying the right things. Now do them, and keep doing them." Or "Sing For Your Supper."

Yeah, they're getting some kudos for it, albeit everyone is basically saying "we'll believe it when we see it". That's basically my opinion too, after all the measure of quality assurance is the actual quality of the software, not the hoopla or effort associated with it

Exactly.

but I do think they're going about things the right way.

Well, we'll see.

BTW, I think that Trustworthy Computing is as good a catchphrase as any, after all the aim is to produce software that works as advertised without failing in odd and unpleasant ways ...

Oh, I wasn't commenting on the phrase, I was more commenting on the media, and perhaps even Gates' almost comical ability to push them in whichever direction he chooses. You gotta love the guy, he's a cool cat. A complete bastard, but a lovable one.

adam

dahamsta

http://www.trustworthycomputing.com/

adam

Trojan

Originally posted by dahamsta
http://www.trustworthycomputing.com/

adam

Which points to http://www.google.com/search?q=microsoft++security+OR+privacy++flaw+OR+flaws+OR+hole+OR+holes&num=100 ...

... which is funny until you run it with some other company names in there:

http://www.google.com/search?q=ibm++security+OR+privacy++flaw+OR+flaws+OR+hole+OR+holes&num=100

http://www.google.com/search?q=hp++security+OR+privacy++flaw+OR+flaws+OR+hole+OR+holes&num=100

http://www.google.com/search?q=compaq++security+OR+privacy++flaw+OR+flaws+OR+hole+OR+holes&num=100

http://www.google.com/search?q=aol++security+OR+privacy++flaw+OR+flaws+OR+hole+OR+holes&num=100

Not so funny now?

Al.