Slashdot Mirror


Security Community Reacts to Microsoft Announcement

A number of readers have collected stories concerning the change of focus by Bill Gates to security. Bruce Schneier and Adam Shostack have written a piece, while Craig Mundie of MSFT has also chimed in, along with some commentary from ZD folks. SecurityFocus has other words, as does InfoWarrior.

4 of 471 comments

  1. How to secure Microsoft Windows: by Proaxiom · · Score: 5, Funny
    Schneier and Shostack say:
    Separate Data and Control Paths
    Use Secure Default Configurations
    Separate Protocols and Products
    Choose for Security over Features
    Make it Transparent and Auditable
    Give advance notice of Protocols and Designs
    Engage the community

    All that stuff sounds great, but I can say the same thing in far fewer words:
    Start from scratch. Do it right this time.

  2. Microsoft's First Security Policy by gspeare · · Score: 5, Funny

    The first thing Microsoft is going to do under their new "security first" paradigm will be to announce that due to security concerns, they can't tell us what any of their security upgrades actually are.

  3. New Levels by Sir+Tristam · · Score: 5, Funny
    "We must lead the industry to a whole new level of Trustworthiness in computing."
    - Bill Gates internal memo, 15 January 2002.
    Hasn't this already been accomplished? I'd feel a lot better if it had stated that this would be a higher level of trustworthiness. All software (other than a "hello world" program, TeX and anything I write ;-D ) has bugs; that's simply life. Admit them, correct them, and move on instead of trying to ignore and bury them, and people would feel a lot more trusting of the products. The same applies for "gee-whiz" features that end up being security holes; admit that they were bad ideas and remove them (or at least disable them by default).

    Bottom line is, words are easy. I'm going to wait to see the action.

    Chris Beckenbach

  4. Remembrances... by FauxPasIII · · Score: 4, Funny

    This reads a lot like the Dilbert where Dogbert is a consultant and says something to the effect of "I'm going to make a bunch of recommendations that I know you are too cowardly to implement. Later, when you fail, I'll laugh at you for ignoring my advice."

    --
    25% Funny, 25% Insightful, 25% Informative, 25% Troll