The First Step on the Road to More Secure Software is admitting you have a Problem


GREAT post by Michael Howard over on the SDL blog about the hyperbole that usually crops up on <cough>/.</cough> whenever Jeff Jones posts his vulnerability analysis report.

  • "This is FUD"
  • "Yeah, but it's not an apples to apples comparison"
  • "How can you believe this guy? He works for Microsoft!"
  • "What would Microsoft know about security?"
  • "For his next trick..."
  • "That chart really hits home the fact that statistics can be used to prove any side of any argument"
  • "Of course he says Windows is the best, that's what he's paid to do."
  • "Counting vulnerabilities is a natural way to measure security. If you're a retard."
  • "The other big reason linux is more secure is many black hats LOVE open source principles"
  • "Can someone please slap MSoft in the teeth"
  • "I can't actually remember a time when my mac needed a patch to fix a security hole."

A few years ago I spoke to some senior technical people from a large financial organization about software security. After visiting Microsoft they were off to visit another operating system vendor. I won't name names. The financial company was very interested in our early results, and they were encouraged by what they saw because of the SDL. I asked the most senior guy in the room to ask the other company one very simple question, "What are they doing to improve the security of their product? And by that I mean, what are they doing to reduce the chance security vulnerabilities will creep into the product in the first place? And they cannot use the word 'Microsoft' in the reply." Two weeks later, the guy phoned me and said...

You'll need to read the rest of the post to find out what he said, but I guarantee the post is worth a read: http://blogs.msdn.com/sdl/archive/2008/02/21/the-first-step-on-the-road-to-more-secure-software-is-admitting-you-have-a-problem.aspx
