Microsoft Learns Lessons
It was as recently as last year's RSA conference, in San Jose, that Microsoft's security "strategy" was a laughingstockliterally.It was as recently as last years RSA conference, in San Jose, that Microsofts security "strategy" was a laughingstockliterally. As a speaker tried to persuade attendees of what passed for security in Windows 2000 during an RSA session in January 2000, titters from the audience prompted him to say, "I know. I know. They are trying." And this was before the ILoveYou virus. Now, theres evidence that Microsoft has tried, and learned. And now it is doing everything right in the never-ending security battle. That doesnt mean that it is succeeding or will succeed. But it does mean that the company has undergone a complete reversal in its attitude toward security.
It was at this years RSA conference, held a couple of weeks ago in San Francisco, that Microsoft detailed its new security plans. Before, any time Microsoft mentioned security, it was only lip service. Now it has actually accomplished something, most notably in the area of internal education for its own developers and new methodology in how products are designed: with security in mind from the foundation, not as an afterthought that results in dozens of post-release security patches.