http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,77462,00.html

By CAROL SLIWA
JANUARY 13, 2003
Computerworld

Grades ranged from B+ to D- when Computerworld asked IT managers,
analysts and security professionals to rate Microsoft's progress on
its Trustworthy Computing initiative during the past year. Excerpts
follow:

* Charles Emery, senior vice president and CIO, Horizon Blue Cross
  Blue Shield, Newark, N.J.

Grade: B

Reason: "The automatic updates within the operating system are helpful
and timely. Anything that receives as much focus as Microsoft is
giving this issue is bound to improve, but sadly, there are people who
are constantly trying to find new ways to break in."

--------------------------------------------------------------------------------

* Paul Lanham, senior vice president and CTO, Jones Apparel Group,
  Bristol, Pa.

Grade: D

Reason: "In the short term, I wouldn't give Microsoft high marks for
now focusing on security issues that should have been embedded in
their development process to begin with. They have a lot of history to
deal with in the short term. Of course, it's easy to criticize their
current state, but they at least get a good grade for recognizing the
current reality that their market position could erode if basic
measures in this area are not undertaken."

--------------------------------------------------------------------------------

* Andre Mendes, chief technology integration officer, the Public
  Broadcasting Service, Alexandria, Va.

Grade: B+

Reason: "On one side, they have obviously identified a lot of the
problems that existed with their legacy environments and have
aggressively addressed them. On the other side, there were a couple of
occasions where they still reverted to minimizing the criticality of
some of the holes."

--------------------------------------------------------------------------------

* Russ Cooper, security consultant, TruSecure Corp., Herndon, Va.

Grade: D-

Reason: "In my opinion, Microsoft hasn't made any perceivable progress
in the last 12 months with respect to security. The security bulletin
process has been up and down. Their responsiveness has been good and
bad. Windows Update has been augmented by a lame sister known as
Software Update Services."

--------------------------------------------------------------------------------

* Jason Fossen, a SANS Institute lecturer and president of Fossen
  Networking & Security, a Windows security consultancy.

Grade: B+

Reason: "Never before have Microsoft's future profits been so at risk
by the security or insecurity of their products. Microsoft's entire
XML/SOAP/.Net project to make the Web services business model a
reality will sink if IT decision-makers believe it is insecure.
Microsoft is betting the farm on .Net Web services; hence, they're
motivated to shape up, and so far, they're following through."

--------------------------------------------------------------------------------

* Marc Maiffret, co-founder and chief hacking officer, eEye Digital
  Security, Aliso Viejo, Calif.

Grade: B

Reason: "At least when Microsoft makes a claim that they are doing
something about security, they are making a little bit of effort. I
wouldn't say it's enough to where it needs to be. But the effort
they're putting into it is far more than other companies out there.
I'd give almost every software company out there an F."

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]