Re: Microsoft developers feel Windows pain

[InfoSec News <isn () c4i org>]

Forwarded from: *Hobbit* <hobbit () avian org>

   What isn't clear is how the massive effort will affect Microsoft's
   bottom line, because product groups will be busy learning about
   security--but not building products.

This implies that they're just getting started, about ten years too late??

   ... For the last two weeks, anyone who has contributed code to the 
   Windows XP and Windows .Net server CDs has been stuffed "cheek by 
   jowl" in classrooms for training, Lipner said.

Yeah, that'll be a great environment to learn in.  They'll all have
true depth of understanding when they emerge from *that* sweat-house,
right?

   "Not everyone needs IIS (Microsoft's Web server) by default," he
   said. "Not everyone uses Index Server by default. So today, those
   features are turned off by default."

Like everyone told them to do yesterday, and the day before that, and
last week.  It really takes iron cojones to act like they just
invented this idea.  Unbelievable.

   Gates himself, in a May 1995 memo urging employees to concentrate on
   developing for the Internet, likened such efforts to turning a ship
   the size of the Titanic.

And we all know how well *that* worked.  Crunch!  gurgle gurgle gurgle

This analogy is really too good to pass up.  Everything within sight
is beautifully appointed, polished to a fare-thee-well, and all aboard
think everything is just perfect.  They're having a great time.  Only
a couple of people know that the underlying design is fatally flawed,
allowing a relatively minor scrape to trash the entire thing, but of
course they're not saying a word unless disaster actually strikes.

_H*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.