Microsoft wants to raise public trust in software

Mike Nash

Acknowledging that Microsoft Corp. products have 'too many vulnerabilities,' vice president Mike Nash said software must achieve 'the same level of trust as a public utility.'

Nash leads the security business unit that early this year enforced a four- to 10-week stand-down of product development at Microsoft while 11,000 coders studied threat modeling and peer-reviewed each other's work.

Nash said Visual Studio .Net is the first product to emerge from what he called the company's 'security push process.'

Windows .Net Server 2003, he said, will come out somewhat later than planned because of the security push, and it will arrive with Web server features turned off, because they otherwise could present a vulnerability if customers did not use them. He said the goal is to make software 'secure by design, by default and by deployment.'

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above