Slashdot Mirror


Microsoft's Security Development Process Under CC License

An anonymous reader writes "The H Online writes: 'Microsoft has placed its process for secure software development under a Creative Commons License. The company hopes that this will lead to more developers utilising its process for programming software more securely across the entire product lifecycle ...'"

2 of 164 comments

  1. Re:Oh boy... by jimicus · Score: 4, Interesting

    I think it's simpler than that.

    Windows can be very heavily locked down so end-users can literally do nothing more than that which is explicitly made available to them. Heck, with something like SteadyState, it can even roll back any changes with a simple reboot.

    But far too many third-party developers seem to actively go out of their way to break any security - they seem to have some sort of mental block understanding that the assumptions you make when you're designing an application which will run on a system which you can more or less guarantee will only ever have one person using it (and that person has no realistic hope of screwing it up badly simply because there's so little to screw up) simply do not work on a modern multi-user, multi-tasking networked operating system.

    I've lost count of the number of applications - and these aren't crappy things you find on download.com, they're expensive commercial products that are intended to have multiple users - that explicitly expect the end-user to have local admin rights and their first support response is "Does the user have admin rights? No? Go away and come back when they do. I don't care if you can explicitly prove that this isn't the issue here...".

  2. Re:Oh boy... by Anonymous Coward · Score: 3, Interesting

    Pretty sure you have no idea about Unix internals vs NT internals. UNIX doesn't have ACL security.

    So, the "Unix internals vs NT internals" is resumed as UNIX not having ACL security?

    Pfffff.. Yeah, looks like you know a lot more on the subject.

    WRONG. Unlike Windows, which only supports ONE ACL scheme which is built in, most varieties of UNIX out there support complex ACL mechanisms through a modular design or patches. Windows ACLs are also very basic compared to the full access control provided by SELinux.

    Keywords: SELinux, GRSecurity, FS extended attributes, PAM, ...

    Now go back under the rock you came from.