Secure Coding mailing list archives

RE: Any software security news from the RSA conference?


From: "Alun Jones" <alun () texis com>
Date: Mon, 01 Mar 2004 15:58:38 +0000

-----Original Message-----
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of ljknews
Sent: Friday, February 27, 2004 9:51 AM

You must be thinking of a different Bill Gates than the one familiar
to me.  I am thinking of the one who announced a few years ago that
Microsoft would stop other activities for a month and fix their security.

I wonder if this is the same Bill Gates who then doubled that time off new
development (note - he doesn't talk about security as a finished job), and
mandates the reading of the book "Writing Secure Code", amongst other
things.

But Bill isn't the only person at Microsoft, and it's really important that
a large number of people at Microsoft "get it".  Bill's job, when he turns
up to these things, is essentially to say whatever Microsoft's game plan is,
currently, not to impress us that he has found religion.  What's key is the
number of other people within Microsoft that "get security".  As a Security
MVP, I get to spend time with some of these people, and they really do seem
to have a clue - I should know, I fill their inboxes with whatever my latest
pontifications on security are, and I read the responses I get back very
carefully.

Microsoft has a lot of code to contend with, and much of it is old - so a
lot of it has had to be scrubbed clean of imperfections, and some has had to
be re-written.  And yet, they're actually _doing_ it.  How many people are
howling about the decision to remove the non-RFC http format that's used by
so many scammers and spammers?  How many people are going to howl that
enabling the firewall by default in SP2 makes life "harder" for them?  There
are some very tough decisions being made in the right direction here, I
think.

Alun.
~~~~
-- 
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | [EMAIL PROTECTED]
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.







