Secure Coding mailing list archives
RE: Any software security news from the RSA conference?
From: "Alun Jones" <alun () texis com>
Date: Mon, 01 Mar 2004 15:58:38 +0000
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ljknews Sent: Friday, February 27, 2004 9:51 AM You must be thinking of a different Bill Gates than the one familiar to me. I am thinking of the one who announced a few years ago that Microsoft would stop other activities for a month and fix their security.
I wonder if this is the same Bill Gates who then doubled that time off new development (note - he doesn't talk about security as a finished job), and mandates the reading of the book "Writing Secure Code", amongst other things. But Bill isn't the only person at Microsoft, and it's really important that a large number of people at Microsoft "get it". Bill's job, when he turns up to these things, is essentially to say whatever Microsoft's game plan is, currently, not to impress us that he has found religion. What's key is the number of other people within Microsoft that "get security". As a Security MVP, I get to spend time with some of these people, and they really do seem to have a clue - I should know, I fill their inboxes with whatever my latest pontifications on security are, and I read the responses I get back very carefully. Microsoft has a lot of code to contend with, and much of it is old - so a lot of it has had to be scrubbed clean of imperfections, and some has had to be re-written. And yet, they're actually _doing_ it. How many people are howling about the decision to remove the non-RFC http format that's used by so many scammers and spammers? How many people are going to howl that enabling the firewall by default in SP2 makes life "harder" for them? There are some very tough decisions being made in the right direction here, I think. Alun. ~~~~ -- Texas Imperial Software | Find us at http://www.wftpd.com or email 1602 Harvest Moon Place | [EMAIL PROTECTED] Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers. Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
Current thread:
- Any software security news from the RSA conference? Kenneth R. van Wyk (Feb 25)
- <Possible follow-ups>
- RE: Any software security news from the RSA conference? Gary McGraw (Feb 26)
- Re: Any software security news from the RSA conference? Bill Cheswick (Feb 26)
- Re: Any software security news from the RSA conference? jnf (Feb 27)
- Re: Any software security news from the RSA conference? ljknews (Feb 27)
- RE: Any software security news from the RSA conference? Alun Jones (Mar 01)
- Re: Any software security news from the RSA conference? Mark D. Rockman (Mar 02)
- Re: Any software security news from the RSA conference? Mark Curphey (Feb 26)
- Re: Any software security news from the RSA conference? Mark Curphey (Feb 26)
- Humor: Re: Any software security news from the RSA conference? Dave Aronson (Feb 27)
- RE: Any software security news from the RSA conference? Dave Paris (Feb 27)
- RE: Any software security news from the RSA conference? ljknews (Mar 01)