Re: [ISN] Gates says Microsoft security push cost $100 mln

From: InfoSec News (isnat_private)
Date: Tue Jul 23 2002 - 00:04:09 PDT

    Forwarded from: Richard Forno <rfornoat_private>
    To do so would admit responsibility for the problems plaguing the
    Internet from Microsoft products. They could never do that - not only
    would that go against years of carefully-crafted corporate branding
    and marketing, but probably open themselves up to years of product
    negligence lawsuits if they actually admitted such.

    $100M on Trustworthy Computing? Too little, too late. And besides,
    what does "100M invested..." actually mean? Did that all go in-house,
    or did that go for external research, product acquisitions, etc. on
    stuff that's related to security? The way it sounds, you think that
    $100M was spent on programmers, and stuff all within MS, which I find
    very, very hard to believe.  Given MS track record, "investing in
    security" could mean full-page ads in magazines saying Windblows
    eXPloitable is a secure, spin control for security.

    Joking aside, I find it very hard to believe much of anything Redmond
    tells the public.

    > Forwarded from: Joe Klein <jskleinat_private>
    > I think it would have saved Microsoft Stock Holders and the company
    > a lot of money if they would have designed security into the
    > operating system from the beginning.  I remember a quote from my
    > college professor that 'for every $1 spent on planning, it will take
    > $10 to 'fix' in the development phase and $100 to fix if it goes
    > into production'. So I guess someone at Microsoft needs to answer up
    > to why the 1 million dollars was not spent on the beginning of their
    > software development process, instead of costing the Stock Holder
    > $99 Million at this juncture.
    > Joe Klein  
