[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Microsoft continues to mislead public about Windows securitybugs (a bit long, with references)
At 0:37 1/9/96 -0800, Lucky Green wrote:
>
>Very true. But why does it always seem to take an exploitable crack before
>companies pay attention to security flaws? Is it because they are unable to
>admit that they have made a mistake? Everybody makes mistakes. What's the
>big deal? I really don't understand it. Any psychologists on this list?
Having, in the past, attempted to sell an Operating System with high
security features, and failed, I think I can give you some insight.
Security does not sell an OS to anyone, even the Department of Defense.
People buy OSs to run applications. The only thing a lack of security in
an OS will do is allow someone in an obscure department (perhaps called
Corporate Security) to say no.
Security is a checkoff item, and if you can convince a retired major that
the OS is secure, then he will approve it. He is not going to check the
details. His expertise is in guard stations and chain link fences.
However, if someone, e.g. the trade press, rubs his nose in the fact that
an OS's security can be breached, then he will take action. He will
pressure the publisher to release a fix that they say will fix the problem.
When they do, he will be happy.
Microsoft particulary, is oriented to selling product, not pride in workmanship.
-----------------------------------------------------------------
Bill Frantz Periwinkle -- Computer Consulting
(408)356-8506 16345 Englewood Ave.
[email protected] Los Gatos, CA 95032, USA