Talk about a turnaround. It's always hard to recognize the larger, slow-moving paradigm shifts as they happen. But after a decade of bad press regarding its commitment to software security, Microsoft seems to have turned the tide. Redmond is getting consistent security accolades these days, often from the very critics who used to call it out. Many of the world's most knowledgeable security experts are urging their favorite software vendors to follow in the footsteps of Microsoft.
Haters will always continue hating, but the technical press is giving a lot of favorable coverage to Microsoft's successful efforts to make itself a computer software security leader. Here are some recent examples:
"Microsoft for a long time rightly got a bad reputation for insecure products. However, as an industry we should recognize the sea change in Microsoft's approach to security, of which this [Microsoft's plans to share its Security Development Lifecycle process components] is just one example, and encourage other vendors to follow Microsoft's lead." -- SANS NewsBites
"Microsoft becomes high priest of secure software development." -- CNET
"When I first started writing about information security five years ago, all a writer had to do was mention Microsoft in the same headline space as 'security vulnerability' to strike page-view gold. In 2004 Microsoft was a couple years into its Trustworthy Computing Initiative but it remained the software company IT security practitioners hated with glee.... That's not so much the case today." -- Computerworld
"'This [Windows 7 new memory protection] is smart,' said Charlie Miller, who as principal analyst at Independent Security Evaluators has successfully exploited weaknesses in Windows, OS X, and Linux. 'I think they're [Microsoft] trying to stay ahead of the curve.'" -- The Register