This story is especially dedicated to all the new IT Pro friends I met in Budapest this past week. I had meant to share this story with you, but it got squeezed out by more important discussions...
With the Windows Vista release drawing nearer each week, I've been thinking back to the release of Windows Server 2003, which had been through the earlier version of the SDL and was expected to improve security for customers quite a bit. Of course, it was inevitable that vulnerabilities would eventually be discovered and patched, but how long would it take? Well, it turned out that it didn't happen the first week - it took 6 weeks. MS03-020 was released on June 4, 2003, the 42nd day of availability for the product, and it was a Critical patch.
As sometimes happens though, this got me to thinking. So, now, let's imagine a story...
Imagine that you are a salesperson and you have a big new product launch coming up, so you schedule time to spend the first week with all of your top customers. Customers have high expectations of your new OS, due to some widely announced security enhancements at the core of your OS. Then, the big day happens and the product ships! Unfortunately:
Of course, thinking quickly on your feet, you spin this news as best you can on your customer visits, telling your customers that:
Now, in this story, if you worked for Microsoft, you'd be out of luck. Just imagine the news stories about all of these patches and the insecurity! And for a lot of people, this would just be proof positive of your insecurity.
It turns out, though, if you work for a different company, it isn't so bad. How do I know? Well, because the first part of this story isn't imaginary at all (though the speculations about the salesperson are). If you want to see the security notices behind this story, just click here and check it out.