[ISN] Microsoft creates new group to clean its coding act

From: InfoSec News (isnat_private)
Date: Thu May 29 2003 - 22:37:41 PDT

Next message: InfoSec News: "[ISN] Expert: Casinos need to improve online security"

Previous message: InfoSec News: "[ISN] Security researcher accuses Redmond of misleading customers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.nwfusion.com/news/2003/0529microcreat.html

By Joris Evers
IDG News Service
05/29/03

Microsoft is expanding its security business unit with a group that 
will establish new software development processes and create tools for 
its programmers so that future Microsoft products will have fewer 
security flaws, a Microsoft executive said. 

"The new Security Engineering Strategy team will look at security 
across all Microsoft product lines, with the ultimate goal being that 
customers will take security for granted in Microsoft products," Steve 
Lipner, the recently named director of Security Engineering Strategy 
at Microsoft, said in an interview on Wednesday. 

"My position really is recognition of the fact that there are a lot of 
security aspects to building and shipping software products at 
Microsoft and we need to do a more coherent job of looking forward 
across all the products we ship, trying to address security holes 
before they are discovered outside of Microsoft," Lipner said. 

"What we're focusing on is improving our processes for building code 
that is as good and particularly as secure as we can possibly make 
it," he said. 

Lipner previously headed Microsoft's Security Response Center (MSRC), 
the part of Microsoft that handles security vulnerabilities in 
products after they have been shipped. Lipner also drove the 
code-cleaning initiative last year which saw Microsoft take a break 
from writing code to examine its work for security flaws. 

The Security Engineering Strategy team will be small, with about 10 
security experts who will be recruited from within as well as outside 
Microsoft, Lipner said. "We will try to get the best people so we can 
to do a great job on security for our customers," he said. 

Microsoft, which has faced hefty criticism when it comes to the 
security and stability of its products, created a business unit 
focused on security just over a year ago. The unit has been growing 
steadily since, Lipner said. 

"Trustworthy Computing and security are key elements of success for 
the IT industry going forward," he said. Trustworthy Computing is the 
Microsoft-wide initiative to focus on security launched by Microsoft 
Chairman and Chief Software Architect Bill Gates in January last year. 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Expert: Casinos need to improve online security"
Previous message: InfoSec News: "[ISN] Security researcher accuses Redmond of misleading customers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri May 30 2003 - 01:23:26 PDT