Latent Geek

Friday, July 28, 2006

Is Microsoft more secure than Open Source? - The French Military say 'Oui!'

Almost 4 years ago to the day, Bill Gates announced the Microsoft 'Trustworthy Computing Initiative' with its Four Pillars of Security:
Security
Privacy
Reliability
Business Integrity

At the time, I was working as Security Business Manager for a major Microsoft Partner and even we felt that Microsoft had received far too much of a kicking from the market over glaring security bloopers to ever be able to redeem itself as a 'Secure Platform' for business. However, I have to say that those crazy kids in Redmond really did step up to the plate. Every developer was re-educated in the art of secure coding and a stringent process of code review was put in place, to the extent that employees were financially rewarded for discovering security flaws in code and penalized for introducing them. That's right. MS were determined to hit ctrl+alt+del on the recurring security headache and, realizing that a shiny new logo and PR campaign wouldn't cut it, resolved to deal with the problem from the ground up.

These days, 2003 server arguably holds its own with the best that the Linux and UNIX world has to throw at it from a security perspective and stays up pretty well too! And as far as the Desktop and Office suite is concerned, well, XP's Security Center and corresponding website have played a crucial part in regaining users' trust in the software giant.

What about Office? Remember all those problems with malicious macros that caused havoc in yesteryear? Well, according to a report on The Register®, the French MoD, at least, think Microsoft have dealt with the problem better than most (or more specifically, better than OpenOffice). Now no doubt OpenOffice.org will step up to the plate on this one and point out that, being open source, the community can easily and quickly implement a fix to meet the requirements, and critics will also point to the fact that over 24 flaws have been found and fixed in MS Office this year alone. However, I can't help thinking that finding and fixing flaws before they bite you on the ass is exactly what a software company taking security problems seriously should be doing!
