Bug-Zapping, Microsoft Style

from the fixing-bugs-all-day-long dept

Microsoft is certainly making a big show of how they're making their software more secure. The question is how much of it is marketing, and how much of it is real. On the marketing side, they have someone whose job it is to go out and respond to Microsoft bashers about their security (assuming those bashers write for a major publication, it appears). This article in Business Week lets the guy respond to some criticisms of Microsoft's security, where he basically says (1) they're getting more secure by using automated bug catchers and (2) they really have fewer security problems than other vendors. Neither one of these points makes me feel any more comfortable.

While I'm sure automated bug catchers help, you have the same "automation" problem you find with things like a spell-checker. Studies have shown that good writers who use spell-checkers begin to rely on them, and their writing ability decreases. I could see the same thing happening in the coding process. Since they have these automated bug catchers, will people architecting the program be as careful? And will they start to just get lazy and rely on the automated bug catchers?

As for the comparison to other operating systems, I don't think that really matters. This isn't a contest. Also, simply looking at the total number of CERT advisories doesn't compare how serious the problems are or how many people are impacted by them. In the end, I do agree with the Business Week writer. I'm sure Microsoft is trying very hard to increase the security of their code. That's very different than saying they've actually made their systems secure.


Reader Comments



  1. Jim Tsoj, 21 May 2003 @ 1:39pm

    No Subject Given

    Huh! "is trying" and "have done" IS the difference between marketing and real life, don't you think? :)


  2. Adam Barr, 21 May 2003 @ 5:22pm

    my comments

    1) Having worked on the Windows 2000/XP kernel and had my code run through Prefix, I would highly doubt that anybody would write sloppy code thinking "Oh Prefix will catch this." First of all Prefix is not some "active" thing hovering over your editor; it will find bugs later, after you have tested and checked in your code, and then you have to go back and fix the code, retest it, re-check it in -- all a huge hassle, and much easier just to do it right the first time. Of course you may just be too clueless to write good code in the first place and then you have to hope Prefix saves your keister. But I can't picture someone who *has the capability to write good code*, not doing so because they are lazy and think Prefix will bail them out.
    2) Mike Nash is a marketing guy. I'm sure he's real smart, but when he talks about the Microsoft development process, he does not know precisely what he is talking about.
    3) I notice he did not respond to the issue of moving the HTTP server into the kernel...really it doesn't matter if Microsoft is moving it into the kernel, out of the kernel, or sideways within the kernel. The problem is they are doing something to the code, and that is going to mean new vulnerabilities. It's like the dinosaurs in Jurassic Park when the Jeff Goldblum character talks about them; it's not a question of if the dinosaurs are going to escape, it's just when and how. Until Microsoft stops doinking around with its code (which will be never, since it has to keep selling upgrades), the code will not stabilize.
    More rambling on MS development issues:
    http://www.osopinion.com/perl/story/14306.html
    - adam


