InfoWorld Home / Security Central / Security Adviser / Pigs fly! Microsoft leads in security
June 19, 2009

Pigs fly! Microsoft leads in security

Microsoft's success with Security Development Lifecycle has security experts buzzing and offers lessons -- along with a heap of free resources -- for your company

| Print | 8 comments|
959 Recommendations

Talk about a turnaround. It's always hard to recognize the larger, slow-moving paradigm shifts as they happen. But after a decade of bad press regarding its commitment to software security, Microsoft seems to have turned the tide. Redmond is getting consistent security accolades these days, often from the very critics who used to call it out. Many of the world's most knowledgeable security experts are urging their favorite software vendors to follow in the footsteps of Microsoft.

Haters will always continue hating, but the technical press is giving a lot of favorable coverage to Microsoft's successful efforts to make itself a computer software security leader. Here are some recent examples:

"Microsoft for a long time rightly got a bad reputation for insecure products. However, as an industry we should recognize the sea change in Microsoft's approach to security, of which this [Microsoft's plans to share its Security Development Lifecycle process components] is just one example, and encourage other vendors to follow Microsoft's lead." -- SANS NewsBites

[ Roger Grimes lays bare two of the most vulnerable components of Internet security: software and Web browsers | Learn how to secure your systems with Security Adviser newsletter. ]

"Microsoft becomes high priest of secure software development." -- CNET

"When I first started writing about information security five years ago, all a writer had to do was mention Microsoft in the same headline space as 'security vulnerability' to strike page-view gold. In 2004 Microsoft was a couple years into its Trustworthy Computing Initiative but it remained the software company IT security practitioners hated with glee.... That's not so much the case today." -- Computerworld

"'This [Windows 7 new memory protection] is smart,' said Charlie Miller, who as principal analyst at Independent Security Evaluators has successfully exploited weaknesses in Windows, OS X, and Linux. 'I think they're [Microsoft] trying to stay ahead of the curve.'" -- The Register

Related Content...
additional resources
White Paper - How to Improve Delivery of Advanced Web Applications

White Paper

Virtual Workforce: The Key to Expanding The Business While Cutting Costs

Get the independent advice and expertise you need to support a virtual workforce.

Go inside:
The three-step approach to making a virtual workforce a reality.
The four flavors of client virtualization technologies.
The three key initiatives that solve IT challenges.
Download now »
White Paper: Successfully Secure Your Wireless LAN With Wi-Fi firewalls.

White Paper

Addressing Linux Threats Leveraging Fewer Resources

The increase in Linux popularity has increased the frequency and sophistication of malware attacks. Read this 2 page white paper now to learn how you can protect your Linux environment with real-time protection that is certified by all major Linux vendors.

Download now »
White Paper - The 2009 Handbook of Application Delivery

White Paper

The 2009 Handbook of Application Delivery

Ensuring acceptable application delivery will become even more difficult over the next few years. As a result, IT organizations need to ensure that the approach that they take to resolving the current application delivery challenges can scale to support the emerging challenges. This handbook elaborates on the key tasks associated with planning, optimization, management and control and provides decision criteria to help IT organizations choose appropriate solutions.

Download now »
White Paper - Is Your Backup System Outdated?

White Paper

Mid-range Storage Considerations

A common misconception is that mid-range storage requirements are dramatically different than that of a larger enterprise. Mid-range storage users may require less capacity, but they have similar functionality and management requirements. This ESG paper examines mid-range storage needs and reviews a new solution that adjusts size while retaining value, performance and functionality.

Download now »
7 of 8 comments
Sign In or Register to comment
amercer 19-Jun-09 8:44am
Roger wrote regarding Microsoft's changes: "Now it has become a model for many other popularly attacked products, and vendors not using a regularly scheduled patch period are being asked to get on board by their customers." I couldn't agree more but would ask even more, that other vendors work with Microsoft to develop a enterprise patch management and delivery system similar to WSUS or build upon WSUS to allow deployments of patches other than Microsoft's own.
cmaurand 19-Jun-09 9:56am
What have you been smoking? ActiveX is still there in all of their products and all of the malware and virus problems rely on ActiveX. As long as ActiveX is there, Windows will have major troubles.
jerrylombardo 19-Jun-09 3:05pm
1 reply
It's about time someone noticed that MS has a secure platform to offer. Now when will someone notice that Apple also wants you to type a password - even when installing system updates?
rbert16000 25-Jun-09 6:53am
1 reply
Right on... Just another thing MS is copying from Apple.
rbert16000 25-Jun-09 6:54am
OSX has been doing this for years.
Devarie 24-Jun-09 9:10am
Nice article although fells like another derivative of the media and malinformed hype regarding security on MS products. The media has made its dent in ridiculing MS attempts to security with the "alow or deny" ads brought up by Apple but as "lombardo" says above, those who use Macs also know that they ask for passwords and so does Linux. Now, not trying to cover the sky with one hand, there is something to be said about a popular applications such as those produced by MS, as the malicious developers strive to maximize their gains. Why would they go after Mac or Linux? Anyways, I am glad that someone is kind of pointing out that MS has secure products it is just that it gets painted as if the other products aren't vulnerable. I wonder what kind of structure where those large enterprises that became victims of malicious attacks running. I wonder how many had redhat or mac or Suse etc as their front ends. Yes, MS blows, but is there anything substantially better out there?
rbert16000 25-Jun-09 6:52am
HEAP is right! Why cant they get it right and make it so! As long as they use snippets, there will be hackers to exploit them.

Sign up to receive InfoWorld Resource Alerts

Subscribe to the Today's Headlines: First Look Newsletter

Find out what will be news for the day, with our first-thing-in-the-morning briefing.

White paper

Log Management: How to Develop the Right Strategy for Business and Compliance

This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.

Download now! »

White paper

The Essential Series: Security Information Management

Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.

Download now! »

White paper

Aberdeen: Choosing and Consuming Managed Security Services

Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.

Download now! »
©1994-2010 Infoworld, Inc.