A lingering feeling that I’ve had for roughly the last year was solidified
for me last week at
Blackhat/DEFCON. Making fun of Microsoft’s security program is now passé. In fact, it’s so
far gone that the opposite is now en vogue. And for good reason.
I’ve been doing a lot of work on risk assessment, threat modeling, and
application security in the last few months, and in all my research travels
I’ve been hitting the same thing over and over.
I keep hearing this. Over and over. Everywhere. This isn’t to say that
nobody else is doing security well, but I would say that among the
big companies that are security-aware they’re probably still significantly
behind Microsoft.
A significant case in point can be found in
Internet Explorer 8’s new XSS filter. According to
RSnake, who should need no introduction with my readers, the filter is pretty
damn good. This may seem like a small thing to many, but when combined with
everything else, e.g. hardcore coding standards, inviting security
researchers to tear up their apps, etc., a clear picture is being drawn.
So the idea is this: blindly making fun of Microsoft’s security now betrays
a lack of current security knowledge rather than l33tness.
Interesting times we live in.


