Information Security News mailing list archives

RE: Microsoft developers feel Windows pain


From: InfoSec News <isn () c4i org>
Date: Wed, 13 Feb 2002 04:13:53 -0600 (CST)

Forwarded from: Michael Howard <mikehow () microsoft com>

"Every group that contributes to the CD has drawn up a plan to
mitigate security risks," Howard said. Key to the plans is a measure
of success--how the groups will know when they are done, he added."

I suppose what really bothers me here is that MS is doing rapid
security "training" and then these people, who wrote insecure software
in the first place, are then the same ones writing their gameplan to
fix it.  Ummmm, who's checking the homework here?  


And bother you should be - but our group is - we have reviewed every
plan, and made comments and feedback on every plan. Just 'coz the
press article doesn't mention the entire game plan, doesn't mean you
understand the entire game plan.

Moral: Be careful of what you read in the press

Cheers, MH
Secure Windows Initiative
Got an access denied? Good, my job is done!
Writing Secure Code: http://www.microsoft.com/mspress/books/5612.asp


<snip>



-
ISN is currently hosted by Attrition.org
