CyberTech Rambler

March 22, 2007

Thank god someone in Microsoft Security Response Centre sees sense

Filed under: Uncategorized — ctrambler @ 1:35 pm

When it comes to software security, there are only three operative words: Trust, trust and trust.

If I do not trust your software, I don’t have security. If I do not trust that your software patches will come in a timely fashion in response to threats, I don’t have security. If I do not trust your threat evaluation, I do not have security. And if I do not have security, the chances that I use your software just dropped significantly.

Microsoft’s software security had been terrible, but we do see an improvement after Bill Gates sent a memo telling Microsofties to concentrate on security, security, security. A few years ago most people took Microsoft’s talk of security as a joke. The attitude is changing, and for the good. While Microsoft’s software is still viewed as “less secure”, trust in the company is increasing.

Unfortunately, before Mr Gates has even left the company, someone is threatening this trust. Michael Howard, a senior security program manager in Microsoft’s security engineering group, asked the Microsoft Security Response Centre (MSRC) to take Vista’s improved security features into account and, where appropriate, give Vista a less severe rating than XP. Thank god that MSRC decided to rebuff him, and I hope pressure is not applied to MSRC to force them to change their stand. One problem with severity ratings is the way they can be massaged. All software vendors are, in some respect, guilty of massaging severity ratings, and Microsoft does not escape this criticism.

The existing yardstick for threat severity rating may be simplistic and too black-and-white, but it works relatively well and makes it easy for users to understand and trust.

If Mr Howard is trying to extol the security virtues of Vista by this comment, then he is “penny-wise but pound-foolish”. Trust is the foundation of any security effort and he just lost my trust. I hope his comment does not bring down people’s trust in Microsoft’s security response.

