This post originated from an RSS feed registered with .NET Buzz
by James Avery.
Original Post: Disappointed with Microsoft
Feed Title: .Avery Blog
Feed URL: /blog/Install/BlogNotConfiguredError.aspx
Feed Description: .NET and everything nice
Ok, Microsoft is going to get alot of shit for the latest security flaws... but I am going to give them a little bit more. I have come to terms with the fact that software will have security flaws, just like bugs, they are somewhat inevitable in complex software solutions. The thing that really bugs me is that supposedly Microsoft has known about this for over 200 days. Not just known about it internally, but was notified by security company eEye on July 25 of 2003!
How is anyone supposed to take any of this Microsoft is getting more secure BS seriously when they take 200+ days to get out a patch to a very very serious vulnerability. This vulnerability could be used to gain access to practically any Windows server in the world. Servers in the Department of Defense? Sure. Servers that run our utilities? Sure. Servers at the CIA? Sure. So basically there was a group of individuals outside of Microsoft who knew a way to do just about anything you can imagine for 200 days. How secure was that information? You see where I am going.
It is just a major disappointment, and it will make it that much harder to convince our clients to use Microsoft technologies and software... how the hell can you justify that? What do you tell a client when they ask you about Microsoft and security?
Previous Topic
