Information Security News mailing list archives
RE: Microsoft developers feel Windows pain
From: InfoSec News <isn () c4i org>
Date: Wed, 13 Feb 2002 04:13:53 -0600 (CST)
Forwarded from: Michael Howard <mikehow () microsoft com>
"Every group that contributes to the CD has drawn up a plan to
mitigate security risks," Howard said. Key to the plans is a measure of success--how the groups will know when they are done, he added."
I suppose what really bothers me here is that MS is doing rapid
security "training" and then these people, who wrote insecure software in the first place, are then the same ones writing their gameplan to fix it. Ummmm, who's checking the homework here? And bother you should be - but our group is - we have reviewed every plan, and made comments and feedback on every plan. just 'coz the press aricle doesn't mention the entire game plan, doesn't mean you understand the entire game plan. Moral: Be careful of what you read in the press Cheers, MH Secure Windows Initiative Got an access denied? Good, my job is done! Writing Secure Code: http://www.microsoft.com/mspress/books/5612.asp <snip> - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Microsoft developers feel Windows pain InfoSec News (Feb 08)
- <Possible follow-ups>
- Re: Microsoft developers feel Windows pain InfoSec News (Feb 11)
- Re: Microsoft developers feel Windows pain InfoSec News (Feb 11)
- RE: Microsoft developers feel Windows pain InfoSec News (Feb 11)
- Re: Microsoft developers feel Windows pain InfoSec News (Feb 12)
- RE: Microsoft developers feel Windows pain InfoSec News (Feb 13)