Page 2

By Dennis Fisher  |  Posted 2003-04-18 Print this article Print

"We spent a lot of time and money on penetration testing," said Mike Nash, vice president of the SBU, during an interview at the RSA Conference here this week. "We decided to look for new ways to attack products and anticipate the next generation of attacks. One of the ways people do this is by going after points of integration. Integration is a source of complexity, complexity is a source of vulnerability, so our goal is simplicity." This approach to penetration tests has convinced Nash and others inside the SBU that for the Trustworthy Computing effort to be a success, it must include several separate components and not just rely on one element.
"Its not just education or training or pen testing or writing secure code. Its the combination of all of these things that drives quality and security," Nash said.
Still, even with all of the new technology and processes in place, Nash knows the release of Windows Server 2003 is just the beginning of a long journey. "Our customers are asking why there are so many vulnerabilities and what we can do about it," he said. "We still have a lot of work to do." Latest Microsoft News:
Search for more stories by Dennis Fisher.
Find white papers on security.
For more on Windows Server 2003, see our special section.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel