Gates: 'You don't need perfect code' for Security

securitas writes "ITBusiness has an interview from the Microsoft Professional Developers Conference where Bill Gates says 'You don't need perfect code to avoid security problems.' Instead he suggests that users acquire and properly configure firewalls and make sure that they keep their software patches up-to-date. Considering that Microsoft says it is focused on security, the comments from the Chief Software Architect aren't inspiring, especially beacuse the underlying attitude seems to contradict the idea of well-written, secure code. What kind of message does that send to the developers who work for Gates?"

Re:Since when is Bill Gates a security expert?

[Rhys]

The really great thing is we just had a Microsoft security speaker at the ACM Reflections|Projections conference at UIUC.

He was talking about how important it is to have secure code, and all the initiatives they have to fix security holes.

He also talked about how fast worms are spreading these days. Patching is not going to be sufficient - a bug discovered and posted will turn into a worm hours or days before Microsoft will respond with a patch. By then it'll be too late.