Help Net Security: Microsoft CTO Talks about Open Source and Security
Oct 08, 2002, 17:00
(Other stories by Mirko Zorz)
[ Thanks to LogError for this link. ]
"Some of the things [Craig Mundie] said are what we've all been
reading in the news for what seems like ages now: 'Hackers are
smarter, computers are better, threat continues to evolve. Computer
systems are becoming sophisticated. Products are less secure than
they should be.' I believe that everyone attending the RSA
Conference knows that, or they shouldn't be involved with computer
security in the first place.
"What I've been waiting to hear is something 'real' on what they
are planning but all that was presented were statistics. The
numbers displayed: 78% of large UK businesses suffered malicious
security incidents, 95% of all US breaches are because of
misconfiguration, etc. What I wanted to see is another chart, the
one displaying how many of those compromised systems were actually
running Microsoft software. That he didn't show...
"The question of open source security has been raised, and some
statistics were given--look at the slide below. Basically, the CTO
was portraying open source software security as a myth. He said
that if you have the opportunity to look at the code it doesn't
mean that you actually do it. He forgot to say that the open source
community is huge and if one person doesn't look at the code,
someone else will, and that person will share a solution to a
problem with others..."