“The breach of Microsoft Corp.’s network and subsequent
access to its source code represent to many the failure of that
vendor’s product design, the failure of enterprises to implement
best practices and the failure to understand security as a
risk-management proposition.“
“I don’t think that’s a harsh enough way to describe it,
actually,” said Frank Bernhard, an analyst at Omni Consulting in
Davis, Calif.”
“Indeed, asked what nervous CIOs should take away from the
incident as a lesson, Bernhard said they should be extremely
nervous and question whether someone is illegally skulking around
their network right now….”
“You don’t walk into a museum and steal a Rembrandt with brute
force in 10 minutes,” noted Bruce Schneier, a security expert and
founder of managed security service provider Counterpane. “You
spend months in there scouting out weak spots in security. You get
blueprints. You plan to steal a Rembrandt.”
“Compounding the issue, others said, is that, having had months
of access, it will take months of digital forensics for Microsoft
just to determine what was compromised.”