LISTSERV - TEAM-ADA Archives - LISTSERV.ACM.ORG

A recent article by Mark Jones in InfoWorld
http://www.infoworld.com/articles/hn/xml/01/11/19/011119hnmssecure.xml?1119m
npm
leads me to believe that Microsoft is finally waking up to the need for
better security in its business and consumer products.

However, I disagree with that the real issue is privacy.  The real issues
are
security, privacy, integrity, and reliability.

Software should do what it's MARKETING LITERATURE and user documentation
describes it as doing.  If someone buys software to send and receive email,
word processing or or electronic publishing that is what it should do (by
default).
Building into Microsoft's software extra "bells and whistles" or poorly
documented "backdoors" such as the ability to execute an outside partie's
code in attachments or macros is irresponsible and an invitation to
outsiders
to launch malicious attacks on Microsoft customers.  Stating that "People
errors are the bulk of the problem with [security] errors today." is just an

attempt to shift blame and shirk responsibility.  This is like shister
lawers
building loopholes for themselves into the small print.  Or a hardware store
selling high explosives to an unqualified individual and disclaiming
responsibility because the individual lit the fuse.

If Microsoft wants to "convince people that Microsoft products are
trustworthy."  Microsoft must first demonstrate that the company and its
products can be trusted.

A company earns trust by competing fairly and establishing an environment
where first to market is less important than most trusted on the market.
Building trusted software starts by convincing Microsoft managers and
software developers to place security, privacy, integrity, and reliability
first.  Stop shipping products that haven't been tested.  Stop shipping
products that invisibly report information about a user's system back to
Microsoft.

Microsoft products are full of problems like: buffer overruns, unchecked
return status, undetected & unhandled over/underflow, and pointer
arithmetic.
Many of these problems could be solved by using a programming language
designed to build reliable systems, e.g., Ada.  All of these problems
could be solved by good "software engineering" and "responsible management."

Rush Kester
Software Systems Engineer
Speaking for myself