
Re: Microsoft forms security think tank



On Sat, 2003-02-22 at 02:03, Jerry Hubbard wrote:
> On Fri, 2003-02-21 at 15:20, dsavage@peaknet.net wrote:
> > Name a handful of academics to a board and have it meet twice a year.
> > Sounds like an effective solution to Microsoft's security problems to
> > me...
> > 
> > http://www.infoworld.com/article/03/02/21/HNmstank_1.html
> > 
> > --Doc
> 
> But, have you checked the ROI? Have two meetings a year or pay
> programmers to fix the problem?
> 
> Just thinking out loud, I wonder how many M$ programmers work on Open
> Source projects on their time? They could take pride in their Open
> Source work. 
> 
> -- 
> Jerry Hubbard

Jerry,

Don't forget the third leg on that stool: pay lawyers to deny the
problems instead of programmers to fix them. (Shakespeare was right.)

Until very recently I thought the single most effective solution to the
majority of M$ security problems would be the removal of all dlls that
support autoexecution of code. I now believe an effective compromise
would be to simply disable that functionality by default.

This would cause an uproar from the Windows community when familiar
things don't seem to work any more. Red Hat proved this is a feasible
strategy when they cleaned up the out-of-the-box security profile in
their 7.0 (IIRC) release. Once the initial wave of user complaints
dissipated, most folks realized the wisdom of the change and would not
want to return to the old ways.

And yes, I'm certain there are legions of M$ programmers and former
programmers working on OSS projects. Just because senior management is a
bunch of monopolistic hooligans doesn't mean there aren't quality folks
in the trenches.

--Doc

