Microsoft wants to raise public trust in software
- By Susan M. Menke
- Oct 04, 2002
Acknowledging that Microsoft Corp. products have 'too many vulnerabilities,' vice president Mike Nash said software must achieve 'the same level of trust as a public utility.'
Nash leads the security business unit that early this year enforced a four- to 10-week stand-down of product development at Microsoft while 11,000 coders studied threat modeling and peer-reviewed each other's work.
Nash said Visual Studio .Net is the first product to emerge from what he called the company's 'security push process.'
Windows .Net Server 2003, he said, will come out somewhat later than planned because of the security push, and it will arrive with Web server features turned off, because they otherwise could present a vulnerability if customers did not use them. He said the goal is to make software 'secure by design, by default and by deployment.'