Scoble posted about an InfoWorld article that talks about how Windows Server 2003 disappears from a particular vulnerability list. Of course it's an interesting tidbit, but that's not why I'm posting about it. I'm blogging this because of this section of the article:
Microsoft was able to bring about the improvements in Windows security only by making fundamental changes in the way development takes place. "You need a better process," Howard said, explaining that Microsoft has adopted a program it calls the Software Development Lifecycle. According to Howard, this means that when Windows goes through the development process, security is now designed in from the beginning.
Uh, hello? Anyone see what's wrong with this? Is Microsoft JUST NOW getting around to using a true software development process? And you mean to tell me that they are JUST NOW designing security in at the beginning? I don't know about you, but I assumed that a company that “owns” 90% of the world's desktops would have already had a software development lifecycle in place.
Posted on Saturday, June 26, 2004 7:25 PM