(no subject)

[Joseph.Morris () WCOM NET (Morris, Joseph L.)]

Found this article on CNN this morning.....
****************************************************************************
******************************************
by Paul Krill
(IDG) -- Microsoft is pledging a firm commitment to security with measures
such as equipping its upcoming Windows 2000 operating system with 128-bit
encryption and interacting with users and rival vendors to detect software
breaches and bugs, a high-ranking company official said in a keynote speech
at the RSA Conference 2000 show here Tuesday.
User privacy also is a paramount concern, said the official, Brian
Valentine, who is senior vice president of Microsoft's Windows 2000 product
group.
"The reason I'm here today is to do an industry call-to-action," for
developers, vendors and others to boost computer security, Valentine said in
his opening remarks.
Included in Microsoft's plans are 24-hours-per-day, seven-days-a-week
security hot lines, consultations, and collaboration with other vendors on
security issues, Valentine said. Microsoft will re-launch its security
response centers to provide the around-the-clock responses and will respond
to issues within 24 hours, Valentine said.
"We can't just trust the end-user to solve these problems themselves,"
Valentine said.
Microsoft has made a comprehensive effort to build Windows 2000 with
security in mind, including having a staff of 15 people study the code for
breaches, denials of service, and bugs.
A preliminary version of the product also was put on the Internet to enable
users to look for security breaches, Valentine said. Within two weeks, four
denials of service bugs were found, but no breaches were discovered, he
said.

"We put it completely naked on the Internet," Valentine said.
Source code also was delivered to 70 agencies and universities around the
world for their perusal. Security efforts will be extended to other
Microsoft products, such as the SQL Server database, said Valentine.
Additionally, Microsoft in the latter half of this year plans to hold a
summit meeting with vendors, customers, and other interested parties to
discuss privacy and security issues. Also part of Microsoft's efforts is its
security advisory council.
A consumer privacy and security Web site will be set up, Valentine said.
Microsoft already has a Web site for these issues that is tailored to IT
professionals, at www.microsoft.com/security.
"We believe as a company that if we don't deal with some of the privacy
issues ... it will affect e-commerce to where people won't trust," what is
on the Internet, Valentine said.
A conference attendee said that Microsoft officials were making all the
right statements pertaining to security, but it remains to be seen whether
the company can live up to its commitment.
"I don't think anybody has been satisfied," with the security of Microsoft
products, said the attendee, a software project manager at a
computer-related vendor who requested anonymity.
Microsoft's success in marketing its products to the masses has made it a
favorite target of virus writers and hackers, the attendee said.