Secure Coding mailing list archives
Re: Any software security news from the RSA conference?
From: "Mark D. Rockman" <m.rockman2 () verizon net>
Date: Tue, 02 Mar 2004 15:45:40 +0000
Any software change is bound to inconvenience somebody. With Microsoft, I find the problem is not that they make changes but that they make changes WITHOUT properly announcing them. For example, if they do make a change and announce it at some conference, that gets the message to some small percentage of the people who NEED to get the message. Grandma and her e-mail client and pictures of her grandkids is totally clueless and possibly hostile towards detailed change information. I'm not grandma. I take pride in knowing what is going on and can do so if only I am enabled to do so.

Mark Rockman, B.S., MCP

----- Original Message -----
From: "Alun Jones" <[EMAIL PROTECTED]>
To: "'ljknews'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, February 27, 2004 18:58
Subject: RE: [SC-L] Any software security news from the RSA conference?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ljknews
Sent: Friday, February 27, 2004 9:51 AM

You must be thinking of a different Bill Gates than the one familiar to me. I am thinking of the one who announced a few years ago that Microsoft would stop other activities for a month and fix their security.

I wonder if this is the same Bill Gates who then doubled that time off new development (note - he doesn't talk about security as a finished job), and mandates the reading of the book "Writing Secure Code", amongst other things.

But Bill isn't the only person at Microsoft, and it's really important that a large number of people at Microsoft "get it". Bill's job, when he turns up to these things, is essentially to say whatever Microsoft's game plan is, currently, not to impress us that he has found religion. What's key is the number of other people within Microsoft that "get security". As a Security MVP, I get to spend time with some of these people, and they really do seem to have a clue - I should know, I fill their inboxes with whatever my latest pontifications on security are, and I read the responses I get back very carefully.

Microsoft has a lot of code to contend with, and much of it is old - so a lot of it has had to be scrubbed clean of imperfections, and some has had to be re-written. And yet, they're actually _doing_ it. How many people are howling about the decision to remove the non-RFC http format that's used by so many scammers and spammers? How many people are going to howl that enabling the firewall by default in SP2 makes life "harder" for them? There are some very tough decisions being made in the right direction here, I think.

Alun.
~~~~
--
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | [EMAIL PROTECTED]
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.