Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Microsofts Grand Security Plan

    By
    eWEEK EDITORS
    -
    November 14, 2001
    Share
    Facebook
    Twitter
    Linkedin

      Microsoft Corp. has never enjoyed a stellar reputation when it comes to security, and its products are favorite targets for sophisticated crackers and script kiddies alike. Recently, the Redmond, Wash., company has made several announcements about initiatives and strategies aimed at improving its security posture. At its Trusted Computing 2001 forum in Mountain View, Calif., last week, company officials introduced a plan to design a standard for the way that security vulnerabilities are reported and handled. The plan drew plenty of criticism as well as its fair share of praise. Senior Writer Dennis Fisher caught up with Scott Culp, manager of the Microsoft Security Response Center and the companys main advocate for the standard, to talk about the plan and what it will take for it to succeed.

      eWEEK: Why did Microsoft decide to start this process now? What was the impetus behind it?
      Culp: Were rapidly reaching a crisis point with respect to security of the Internet. [The Internet] is seriously threatened by the security environment, and one element of that is how vulnerabilities are handled.

      eWEEK: Theres been some talk of the government stepping in and regulating the Internet. Do you think thats likely?
      Culp: I think its very likely, especially in todays environment. The prospect is very good if we dont take a reasonable approach to this. If we as a security community dont clean up our act, someone will clean it up for us. We really, really dont want to see that.

      eWEEK: Have you been in contact with the government at all about potential regulations regarding security?
      Culp: I havent been contacted. But its clear that regulation will be on its way if we as an industry dont address the problem.

      eWEEK: What do you think it would take to improve things?
      Culp: The big impediment is that theres no industry standard for vulnerability reporting. How do you contact the vendor? Whats the vendors responsibility? We would love to see the industry as a whole develop a process that can be embraced by the majority of the community.

      eWEEK: What do you say to the people who believe Microsoft wants to close this process in order to limit its exposure when security problems come up?
      Culp: Its absolutely untrue. Thats sheer speculation. We know two things: Theres a problem, and we dont have an answer. We didnt come here with a solution. The process would have to be open for public discussion. A closed process wouldnt be accepted. We have no designs for a closed process.

      eWEEK: How long do you think the process of developing a standard might take?
      Culp: I dont know. Were very early on the timeline right now. I dont know how difficult it will be to bring all of the people and groups together to get it done. Its going to have to accommodate the needs of different communities.

      eWEEK: What kind of role will you and Microsoft play in the standards process?
      Culp: Somebody has to lead. Our role is to catalyze people into working for a solution. This is one aspect of solving the problem. There are axes of the problem that are ours alone to solve, and we recognize that.

      eWEEK: How difficult do you think it will be to get other vendors to participate? Will pressure from their peers be enough?
      Culp: I think customer pressure will be more helpful. It could get to the point where vendors can talk about it as a measure of product quality. It could become a product differentiator and a part of the customer buying process.

      Avatar
      eWEEK EDITORS

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×