Microsoft's Security Response: 10 Ways to Improve It
News Analysis: Over the years Microsoft has seen plenty of evidence that it needs to speed up and improve its response to security alerts. Here's what it should do now.
Microsoft finds itself in a familiar position. As reports broke early this week claiming the company knew of zero-day exploits months prior, some are already calling its response times into question. The reports claim a researcher told the company of issues back in February, and they effectively highlight Microsoft's poor response time.
Beyond this most recent issue, the company has had trouble addressing issues in the past on Windows, Internet Explorer and even Office. And its focus arguably hasn't been as firmly set on security as it should have been.
That's why it's time for Microsoft to do more to improve its security response time. It doesn't need to do anything drastic, but it needs to be more proactive in its strategies. It also wouldn't hurt if it communicated with stakeholders more often. Here is what Microsoft should be doing now to improve its security response time.
1. Increase communication with the public
The first thing Microsoft should do is improve its communication with its users. It's understandable that the firm doesn't want to alarm users over every simple problem with its products, but at the same time, those people have a right to know. And perhaps by being more vocal about the issues that plague Windows and Internet Explorer, Microsoft might prompt those users to become more proactive in downloading security software to counteract any issues that might arise.
2. Be more proactive
Too often, Microsoft simply sits back and waits for problems to get out of hand before it adequately addresses them. The time for that response has come and gone. Nowadays, Microsoft must be more proactive: once it hears of an issue, it should set out to fix it. The hacker community is big and smart. Microsoft needs to stay a step ahead -- or else.
3. Listen to researchers
Researchers might be a pain to Microsoft, but they effectively highlight the issues that the software giant's own team of experts might have missed. Realizing that, maybe it's time Microsoft put a bit more stock in what security researchers have to say. Microsoft has proven time and again that when it's left on its own, it doesn't do everything that it should.
4. Forget the embarrassment
Unfortunately, Microsoft has suffered from embarrassment for far too long over its security problems. It has decided in the past that it's easier to ignore the issues or simply make them seem less important than they are for the sake of its own reputation. From a marketing perspective, it makes sense. But from a security perspective, it's the wrong response. Microsoft needs to get over the embarrassment of its security issues and get working on solutions.