Microsoft Security: Over the years….
Ten years ago, Microsoft had a big problem. Buggy code was allowing viruses like “CodeRed”, “ILoveYou,” and “Nimda” to infect millions of computers running its Windows and Microsoft’s Web server software.
Times have changed.
Back then, the steady stream of worm outbreaks, coding glitches that annoyed users, and security weaknesses reported by outside researchers was having a steady and negative effect on the company’s reputation. Microsoft was everywhere on consumer and corporate PCsworldwide, but the software giant couldn’t seem to deliver solid software.
Then came a famous Bill Gates memo on January 15, 2002, that promised to change all that. Gates realized that if the company didn’t get its security act together the future of its .Net framework for network services, and the company itself, would be threatened. His company-wide e-mail warned:
As software has become ever more complex, interdependent and interconnected, our reputation as a company has in turn become more vulnerable. Flaws in a single Microsoft product, service or policy not only affect the quality of our platform and services overall, but also our customers’ view of us as a company.
So now, when we face a choice between adding features and resolving security issues, we need to choose security. Our products should emphasize security right out of the box, and we must constantly refine and improve that security as threats evolve.
To solve the crisis, the company embarked on a new Trustworthy Computing initiative, which Gates said “is the highest priority for all the work we are doing. We must lead the industry to a whole new level of Trustworthiness in computing.”
Original Publishing: http://tinyurl.com/7kgrn9u
- Microsoft Patches SSL BEAST; But warns of more! (netsecurityit.wordpress.com)
- Microsoft Ruins Perfect Record with Out-Of-Band Patch (pcworld.com)
- Steve Ballmer Reboots (businessweek.com)
- Ten years on from Nimda: Worm author still at large (go.theregister.com)
- Memories of the Nimda virus (nakedsecurity.sophos.com)