IP: The Gates Declaration and Microsoft Security Day

[David Farber <dave () farber net>]

> The Gates Declaration and Microsoft Security Day
> Richard Forno
> 16 January 2002
> rforno () infowarrior org
> (c) 2002 by Author. Permission is granted to quote, reprint or redistribute
> provided the text is not altered, and appropriate credit is given.
>
> Summary: Analysis of the latest Microsoft foray into information security
>
> By now, you've seen the news article. Microsoft founder and Chairman Bill
> Gates announced in a memo (text) yesterday that security would have the
> 'highest priority' in its products and that security is now 'more important'
> than any other part of Microsoft's work. This is the company's latest public
> attempt to address security concerns with its products and services.
>
> Undoubtably, history will remember January 16, 2002 as Microsoft Security
> Day - harkening back to that wonderous day in 1995 when Chairman Gates
> announced that the Internet was to be part of all Microsoft products and
> services. That proclaimation produced such well-known Redmond innovations as
> Melissa, I Love You, Code Red, SirCam, Code Red II, BadTrans, UPnP, and
> VBScript, among other notables, resulting in burned-out system
> administrators and a flourishing information security industry.
>
> Gates is also reported to have said that the September 11 attacks are a
> major reason to stress security of America's critical infrastructures,
> including its computer systems. Huh? Has Chairman Gates been asleep at the
> keyboard for the past several years, knowing that while his bloated, buggy,
> and exploitable products were achieving marketplace dominance - and monopoly
> status - they were becoming a self-inflicted vulnerability on the wired
> world we currently inhabit? Security all of a sudden is important to
> Microsoft?
>
> Perhaps this sudden change of heart has to do with the recent BBC report
> that the US National Academy of Sciences is calling for laws to punish
> software firms that produce insecure products. Or, could Microsoft's legal
> team be afraid that what the company produces and sells as "products" - in
> actuality, shrink-wrapped denials of service and prepackaged network
> compromises - could contribute to electronic criminal or terrorist acts
> against America's critical information resources? Could it be that Microsoft
> is actually scared of something?

<snip>

For archives see:
http://www.interesting-people.org/archives/interesting-people/