CNET News.com/Gartner: Commentary: Microsoft lacks motivation to change security
Aug 16, 2000, 00:08
(Other stories by Neil MacDonald)
[ Thanks to Douglas D. Darnold for this link. ]
"The constant inclusion of new features in Microsoft's software, and the bundling of new technologies into Microsoft's OS and application products, have created large, monolithic applications that are impossible to debug for all security vulnerabilities. The addition of many new security technologies, however, does not mean that Windows 2000 is fundamentally a more secure product."
"Microsoft's development process has not fundamentally changed with respect to security. Microsoft still does not make security training mandatory for its developers. Microsoft has found that being reactive to security works well; it quickly fixes newly identified bugs. This approach is easier than preventing the vulnerabilities from occurring in the first place. For Microsoft, the top priority is getting products out the door, and the marketing department can diffuse any security problems once a product has shipped."
"Despite the headlines that these security exploits bring, consumers and enterprises have not changed their purchasing patterns in favor of more secure products. They have not voted for better security with their pocketbooks. Accordingly, Microsoft's approach to security is pragmatic. Security is important to Microsoft but only to the extent that it does not inhibit the adoption of its products. Thus, Gartner expects that such headlines will continue to appear."