SUMware
Premium
join:2002-05-21
3 edits | reply to dave
"SDL is not perfect, nor will it ever be perfect."
said by dave  :Ah. One employee of Microsoft says something, and it's reported as 'Microsoft says'... I bet you'll find some core OS engineers that agree with Russinovich and some that are seriously pissed off at him for dissing their baby in public. More lowered expectations...?
From ComputerWorld - April 27, 2007:
How the ANI bug got baked into Vista: Microsoft explains quote:
In a postmortem of last month's Windows animated (.ANI) cursor vulnerability, one of Microsoft Corp.'s security development gurus today spelled out how the bug sneaked into Vista
Michael Howard, an authority on Microsoft's Security Development Lifecycle (SDL) -- a multipart initiative that aims to get developers to design more secure code -- posted an extensive entry on the brand-new SDL blog that outlined lessons learned from the ANI vulnerability. "SDL is not perfect, nor will it ever be perfect," Howard acknowledged yesterday. "We still have work to do, and this bug shows that."
That bug, which first surfaced late last month and posed enough of a threat that Microsoft went out of cycle to patch it, affected all older editions of Windows as well as the newest, and supposedly more secure, Windows Vista. Some security researchers, in fact, took Microsoft and its SDL process to task for not catching the flawed code as Vista was written, debugged, tested and polished.
Michael Howard is a security program manager on the Microsoft Windows XP team, focusing on secure design, programming, and testing techniques. He works with hundreds of people both inside and outside the company each year to help them secure their applications. He is the author of Designing Secure Web-Based Applications for Microsoft Windows 2000 from Microsoft Press. Prior to working on Windows XP, Michael worked on next-generation Web server technologies and IIS. He has worked on Microsoft Windows NT security since 1992. |
|
AB
Premium
join:2006-04-04
Leesburg, VA
| reply to dave
Re: MS Retreats Over Vista Security Claims
said by dave :We're talking about Microsoft employees. What's Jim Allchin got to do with them? When he made the statement, he was in the capacity of 'outgoing co-president of Microsoft Corp.', I believe it was reported.
While he may be no longer be officially involved with the company, I would suspect there are still some ties remaining.
Not that he was speaking as a company spokesperson when he made the remarks-- he wasn't.
I just wondered if he had made any further follow-up remarks after his child had actually been using Vista for a few months, that's all.
The kid's machine may be a virtual honeypot these days, for all we know. |
|
dave
Premium,MVM
join:2000-05-04
not in ohio | reply to AB
We're talking about Microsoft employees. What's Jim Allchin got to do with them? |
|
AB
Premium
join:2006-04-04
Leesburg, VA
| reply to dave
said by dave :Ah. One employee of Microsoft says something, and it's reported as 'Microsoft says'. . . . Speaking of which-- I wonder if Mr. Allchin has weighed in recently with any thoughts about how the 'Vista Experience' is treating his seven-year old?
»www.realtechnews.com/posts/3736 |
|
dave
Premium,MVM
join:2000-05-04
not in ohio
 ·Verizon Online DSL
 ·Verizon FIOS
| reply to SUMware
Ah. One employee of Microsoft says something, and it's reported as 'Microsoft says'.
I wonder how much Russinovich is required to 'clear' what he says with the powers-that-be at Microsoft? I suspect the answer is 'not much', since technical fellows are valuable precisely for their ability to think independently; you're not going to keep many technical fellows happy if you insist on controlling them.
It's a huge company. There's not one uniform opinion.
I bet you'll find some core OS engineers that agree with Russinovich and some that are seriously pissed off at him for dissing their baby in public. |
|
