Slashdot Mirror


Microsoft's Security Development Process Under CC License

An anonymous reader writes "The H Online writes: 'Microsoft has placed its process for secure software development under a Creative Commons License. The company hopes that this will lead to more developers utilising its process for programming software more securely across the entire product lifecycle ...'"

4 of 164 comments

  1. Trying what? by SgtChaireBourne · Score: 0, Troll

    Whatever for? It's not like it's worth publishing except to document years of fail. Every generation of Windows has been the model of bad design and insecurity, including Vista and Vista7. Before M$ reps revised it, /. even had a vista failure tag, for the version to come along after tagging was implemented.

    --
    Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
  2. Re:Oh boy... by RobertM1968 · Score: -1, Troll

    I think it's simpler than that.

    Windows can be very heavily locked down so end-users can literally do nothing more than that which is explicitly made available to them. Heck, with something like SteadyState, it can even roll back any changes with a simple reboot...

    ...unless a serious rootkit gets installed with whatever piece of malware infected your machine while you were using it, locked down or otherwise, due to exploiting the numerous .NET security holes that are still not patched. In which case, your machine will possibly be still as nicely infected after your reboot.

    Sadly, .NET is still broken. The exploits still affect all versions of the OS. The exploits still don't need the user to have admin rights. The exploits still bypass security measures on a locked down machine.

    Sadly, though I may get modded troll for this, it is true. The last time (covered in June's article on .NET and Microsoft's snuck in Firefox plugin) that Microsoft promised this exploit was fixed, I boldly claimed that, just like the 6 other MAJOR attempts, and hundreds of minor attempts to fix it, Microsoft was making an incorrect statement (their marketing team was either brain dead or lying, in claiming that the vulnerabilities were fully patched forever). Sadly, there are people who still believe those statements. Sadly, there are those of us who actually check what the Windows updates are that are being installed, and have noticed numerous attempts to re-fix the same vulnerability that Microsoft previously promised was fixed. As a matter of fact, the most recent attempt was in the last two weeks, via multiple patches.

    And sadly, of the infected machines that come into our shop, far more than half of them have a rootkit component that comes with the malware, and the vast majority of them get installed via the .NET exploits.

    THUS, not being very familiar with the current state of SteadyState, how does it handle removing rootkits on a reboot to a previous state? If it can actually do that, (not if it CLAIMS it can do that, but if it REALLY can do that), then I will have to renew my interest in it.

  3. Re:Oh boy... by Anonymous Coward · Score: -1, Troll

    Gee whiz, you're the stupidest fucking cunt troll I've ever read here. Can you say anything that isn't filled with lies? Go back and suck your mother's dick.

  4. Re:Oh boy... by Anonymous Coward · Score: -1, Troll

    Sadly,

    Sadly,

    Sadly

    Sadly

    And sadly

    You must be really sad.