RE: [ISN] Microsoft developers feel Windows pain

From: InfoSec News (isnat_private)
Date: Wed Feb 13 2002 - 02:13:53 PST

  • Next message: InfoSec News: "[ISN] FC: Congress weighs life imprisonment for some computer intrusions"

    Forwarded from: Michael Howard <mikehowat_private>
    
    >>"Every group that contributes to the CD has drawn up a plan to
    mitigate security risks," Howard said. Key to the plans is a measure
    of success--how the groups will know when they are done, he added."
    
    >>I suppose what really bothers me here is that MS is doing rapid
    security "training" and then these people, who wrote insecure software
    in the first place, are then the same ones writing their gameplan to
    fix it.  Ummmm, who's checking the homework here?  
    
    
    And bother you should be - but our group is - we have reviewed every
    plan, and made comments and feedback on every plan. just 'coz the
    press aricle doesn't mention the entire game plan, doesn't mean you
    understand the entire game plan.
    
    Moral: Be careful of what you read in the press
    
    Cheers, MH
    Secure Windows Initiative
    Got an access denied? Good, my job is done!
    Writing Secure Code: http://www.microsoft.com/mspress/books/5612.asp
    
    
    <snip>
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Feb 13 2002 - 05:54:25 PST