: Decent First Attempt"> Users who have tested the technology say its a move in the right direction, but it has limitations. "Its a decent first attempt but not great," said Andrew Nielsen, a senior technologist with Raytheon Co. working on a contract at NASA Ames Research Center, in Moffett Field, Calif., who is finishing a SUS deployment. "Theres a lot of room for improvement. It is what it is. The reporting capabilities need some work, and I had some problems with the synchronization telling me updates were available after I had already approved them for download," he said. "However, Im pretty confident that subsequent versions will be better."Microsofts early work on Trustworthy Computing included putting all its developers through a lengthy training course on writing secure code and undertaking a massive bug hunt in its millions of lines of Windows code. The effort had an immediate effect when the Redmond, Wash., company decided to delay the release of its key .Net Server family, as well as a beta of the new SQL Server, because of the ongoing security code review. The security training for developers is an ongoing process, Microsofts Nash said, and all new developers must go through the program within 30 days of joining the company. Microsoft has also developed an internal tool, roughly analogous to the Unix-based Lint program, that looks at code constructs to find bugs and vulnerabilities. Nash said the company is considering developing more security products as well to complement the Internet Security and Acceleration Server firewall it sells. But he declined to give details on which categories Microsoft might go after. "If Microsoft were to do that, it would be in an area where we have unique capabilities," Nash said. The Trustworthy Computing initiative has also brought about a major shift in priorities at Microsoft with regard to the way the company deals with customer feedback, Nash said. Gone are the days when features and functionality held sway over all other considerations in product development. "Responding to customer security issues is the most important thing we do," Nash said. "Its a change. Its a clarifying thing, and its a cultural change." Editors note: This story has been edited to clarify the structure of Microsofts security business unit. Related Stories:
Microsoft Security Under Fire
Microsoft to Boost Security Response
Microsoft Shelled Out Millions on Security
Trusting in Microsoft
The SUS server cant roll out service packs, nor can it push updates through firewalls to "child" SUS servers set up in other locations, Nielsen said.