[ Thanks to Douglas
D. Darnold for this link. ]
“The constant inclusion of new features in Microsoft’s software,
and the bundling of new technologies into Microsoft’s OS and
application products, have created large, monolithic applications
that are impossible to debug for all security vulnerabilities. The
addition of many new security technologies, however, does not mean
that Windows 2000 is fundamentally a more secure product.”
“Microsoft’s development process has not fundamentally
changed with respect to security. Microsoft still does not
make security training mandatory for its developers. Microsoft has
found that being reactive to security works well; it quickly fixes
newly identified bugs. This approach is easier than preventing the
vulnerabilities from occurring in the first place. For
Microsoft, the top priority is getting products out the door, and
the marketing department can diffuse any security problems once a
product has shipped.”
“Despite the headlines that these security exploits bring,
consumers and enterprises have not changed their purchasing
patterns in favor of more secure products. They have not voted for
better security with their pocketbooks. Accordingly, Microsoft’s
approach to security is pragmatic. Security is important to
Microsoft but only to the extent that it does not inhibit the
adoption of its products. Thus, Gartner expects that such headlines
will continue to appear.”