It's all about trust
One of the widest security discussions this year was certainly focused around the Microsoft Trustworthy Computing initiative. Some were praising it while others like Russ Cooper weren't that happy about it and back in February he said that, in his opinion, the initiative was failing.
Ten months later I was curious to hear what Cooper thought on the subject. He said: "At this point I will give Microsoft a "D" for 2003's efforts. The "Protect Your PC" effort is a very good start at outreach to the consumer community. I feel there are more and better things they should do, such as free upgrades for everyone with a licensed copy of a Windows OS to Windows XP, availability of a Windows Update CD at convenient locations such as Wal-Mart, and modifications to how the OS is configured by default."
Does anyone notice Microsoft's efforts?
Despite constant negative reports on Microsoft security, in March the SANS Institute awarded Microsoft for their security efforts. Many people truly believe that Microsoft is trying to improve while others say it's all just marketing. Microsoft seems to be trying as they setup courses that teach secure coding in several universities worldwide. The questions is - are things getting better?
Skoudis said: "Steering the giant ship that is Microsoft toward more security is an arduous task. I did a back-of-the-envelope calculation a while back, and determined that Microsoft is currently supporting more than a billion lines of code across its entire product line. That's an ocean of potential problems, and it's understandable and unfortunate that it's going to take some time to secure it all. Now, don't get me wrong. I'm not a Microsoft apologist. I slam them when they deserve it. That said, we have to admit and understand the magnitude of their challenge."
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.