An extremely interesting read: Slashdot sent questions over to Microsoft Security VP Mike Nash, who agreed to answer them with no PR scrubbing. There is a ton of information in the response, which is a fairly long read. As you may have guessed, some of the information is good news and some is not. It's clear that the original Microsoft security push in 2002 was nothing but lip service. It's also clear that, while security now has a much higher priority, some within Microsoft are still ignoring that and just don't get it. An anonymous Microsoftie points out a specific example in one of the questions. The article also gives you a little appreciation for just how large Microsoft is. The sheer number of initiatives, acronyms, procedures and policies in place is astounding. It's no wonder it's taking so long to turn the security train around. Old habits die hard, and business pressures are clearly very high at Microsoft right now. Given the option of not getting a product shipped on time or shipping it on time with security flaws, I think most Microsoft teams are still choosing the latter. It is fantastic to see someone this high up at Microsoft speaking directly to users, though, and there is a ton from the Q/A that I didn't cover here, so I recommend you read the full article.
