Microsoft gets serious about security, part 2
by Preston Gralla
Well, I'm back to say that there's more evidence that the company has seen the light when it comes to security. The evidence this time: Microsoft senior vice president Bob Muglia admitted to CNet that the company's attempts to harden its software against attacks is slowing down product rollouts.
"It's absolutely slowed things down," he told the news site. "This work is making our software come out not as quickly."
Products affected include updates to developer tools and SQL Server, both of which will be delayed until next year. That, in turn could delay other Microsoft products whose development depends on those programs.
I think it's more than likely that the continual slipping of Longhorn's shipping date is tied to security work as well.
Now, I'm sure some of you will argue that security is just an excuse that Microsoft is using to hide behind - after all, when has a Microsoft product actually shipped on time? But this time around, the company isn't using security as an excuse. In the past, Microsoft would rush products out the door, willy-nilly, and security be damned. That's no longer the case. It's now willing to risk shipping dates of its most lucrative products - including the core operating system - to make sure its software is secure. The cynical among you may say that this newfound focus on security comes only for business reasons, that Microsoft recognized unless it releases more secure software, competitors like Linux will become more popular.
I say, who cares why the company is doing it? For whatever reasons, Microsoft has seen the light. Yes, it may mean a slower product pipeline, but that's better for all of us.
Do you think Microsoft has gotten serious about security? Let me know.
Secure by Design?
I'd be more curious to know (that is, if I had a need to use any Microsoft software) whether they are redesigning their software to address their security problems or just trying to refactor existing code based on the same, flawed designs.
I am a self-proclaimed Microsoft hater. I worked on their stuff for years and jumped ship for better harbours.
That's just to clear the air and let you read this with the right colored goggles. :)
Still, my mind is not so closed as to think that a more secure Microsoft can be anything but a "good thing". I agree with the previous poster though... For everyone's sake, I hope they are actually focusing on the numerous design flaws that they have introduced over the years. If all they are doing is fixing buffer overruns in code and subsystems that should be ripped out completely instead of fixed, we're all going to be underwhelmed.
What's in a promise?
The cynical among us will also note that for a company with pockets as deep as Microsoft's, it isn't much of a setback to "delay" their most lucrative products.