March 31, 2004

Microsoft Progress Report: Security

Bill Gates fired off one of Microsoft's periodic "Executive E-mail" blasts to customers today to revisit Microsoft's ongoing security initiatives. In the email he discusses four key areas:

  • Isolation and Resiliency
  • Updating
  • Quality
  • Authentication and Access Control
I will let you judge for yourself on his views. Personally, I quite enjoyed reading the email. I was quite interested in some of the stats he spoke of as they relate to their new code quality efforts. Here is a quick summary:

  • The number of "critical" or "important" security bulletins issued for Windows Server 2003, compared to Windows 2000 Server, dropped from 40 to 9 in the first 320 days each product was on the market.
  • Similarly, for SQL Server 2000, there were 3 bulletins issued in the 15 months after release of Service Pack 3, compared to 13 bulletins in the 15 months prior to its release.
  • With Exchange 2000 SP3, there was just 1 bulletin in the 21 months after its release, compared to 7 bulletins in the 21 months prior.
Anyways, take some time and go read the email. In the meantime, let's end this entry quoting Bill:

"Technology has come an incredibly long way in the past two decades, and it is far too important to let a few criminals stop the rest of us from enjoying its amazing benefits."

Amen.

Posted by SilverStr at March 31, 2004 07:33 PM
Comments

If they are considering after-release defects, they should compare usage to defect ratios. Though these are hard to measure, if one product is not used as much as the other, it's natural that fewer defects will be found.

Posted by: Khurram at September 9, 2004 08:44 AM