Greetings; I agree with all your statements except for "some attention to this problem by Microsoft is better than none."
There are too many people, that don't realize the magnitude of the task, that will think, "Wow! They spent a *whole*month* looking for security holes!" and regard that as sufficient time to have found most, if not all, of the security problems. They will then promptly ignore all the previous warnings and procedures and a lot of us are going to have some really big headaches!

I expect MS will soon publicize this activity, and talk about person-years and lines of code and worldwide resources, etc. This will only make the problem worse for those in the trenches because of the general user's perception.

Good Luck To Us All!
Dennis

"Post, Mark K" <[EMAIL PROTECTED]>@VM.MARIST.EDU> on 02/05/2002 09:24:39 AM

Please respond to Linux on 390 Port <[EMAIL PROTECTED]>

Sent by: Linux on 390 Port <[EMAIL PROTECTED]>

To: [EMAIL PROTECTED]
cc:
Subject: Microsoft Takes a Break to Clean Its Code

I got this in today's email. I think anyone who believes that a one-month security audit of all Microsoft's code is going to find even a small percentage of the problems needs a psychiatric evaluation. How long did the OpenBSD folks take to do their audit? I think their first _phase_ lasted about a year.

Oh well, some attention to this problem by Microsoft is better than none. I just hope no one really expects a lot to come out of it.

Mark Post

-----Original Message-----
From: [EMAIL PROTECTED]
Sent: Tuesday, February 05, 2002 9:41 AM

========================================================
THE INFOWORLD SCOOP A.M. EDITION
========================================================
Tuesday, February 5, 2002

MICROSOFT TAKES A BREAK TO CLEAN ITS CODE

Posted February 04, 2002 05:17 Pacific Time

AFTER NEARLY 25 years of writing software code, Microsoft is taking a break to do a little housecleaning. The company has ordered a temporary halt in the development of new code and has instructed its developers to go back and check for security holes in the piles of ones and zeros already written.

The clean-up targets the gamut of Microsoft products from its desktop operating systems to its newly released .Net tools, a Microsoft spokeswoman confirmed Monday. Each division will stop writing new code for about one month.

For the full story:
http://www.infoworld.com/articles/hn/xml/02/02/04/020204hnmscode.xml?0205tuam
