Listeners praised Microsoft Corp.’s recent efforts to improve product security and patch management after hearing them described in detail by Scott Charney, the company’s chief security strategist. But they agreed that Microsoft has not yet shown it can reach its own security goals. Speaking here at the Computerworld Premier 100 conference, Charney explained how, as part of its Trustworthy Computing initiative, Microsoft has delayed the release of products such as Windows 2003 and Visual Studio .Net. That way, he said, developers who have been trained in areas such as threat modeling and penetration testing can review the software code for flaws. The company also added two layers of security verification outside of the product groups, because having developers in the product groups be responsible for security “was like having the fox guarding the henhouse,” Charney said. Now, his department and an outside firm handle “pen testing” before a product is certified for public release. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.