An interview with Steve Balmer: "For years, I would say, customers thought things were fine. If you go look at our customer surveys two years ago, security was not (an issue) that would have shown up at the top of the list...and it actually doesn't show up high on the list except through the lens of security today. It's a different kind of issue. We did apply ourselves responsibly to many of the issues that are important. It's also important to remember that both because our products are popular and because we are (who we are), our stuff is a target. It's a target because it's popular, and it's a target because it's more fun to disrupt our stuff than Linux's stuff. "

Microsoft finally see that security is an issue. And I believe they are serious about fixing it. However, because of IT market economics, the task is more difficult than they pretend it is. And Ballmer's statement outlined above is one of the few direct answers in the interview. Most of the other answers can only teach you about art of spin.

8:30:07 PM    

Two security heavyweights Schneier & Shostack suggest measures Microsoft should take to move its trustworthy computing initiative beyond PR and into practice.

Most of the suggestions are reasonable, some are impossible because thez would would inhibit .NET future.

Gene Schultz adds in the SANS newsbites: "Schneier and Shostack's comments are good, but they missed by far the most critical measure that is needed---implementing a structured development process designed to produce high quality code. Without this, the other measures suggested by Schneier and Shostack will not have nearly as much impact."

8:22:15 PM