What If Bill Gates Never Wrote the TwC Memo?

Pretty good post here with some security what-if scenarios, such as the above.

The view of someone who was there (regarding the Trustworthy Computing Memo what-if): the Windows security stand-down (aka security push) took place in early 2002, right in the middle of my career at Microsoft. It wasn’t the TwC memo that made 11,000 engineers stop work on the most profitable – and expensive – software project in history; it was the crisis in confidence in the Windows franchise.

The Code Red and Nimda worms had both hit within the preceding six months. There was the perception that Microsoft had not only suffered permanent damage to its reputation, but indeed that its customers were running for the exits and would not be coming back.

Good things came from the situation, however, and the TwC memo was a catalyst. The Windows security stand-down was successful inasmuch as it resulted in a massive scrubbing of an enormous legacy code base. This was also the first real-world test of the early Microsoft Security Development Lifecycle processes, including threat modeling, security reviews, and the Secure by Design, Secure by Default, and Secure in Deployment mantra. The benefits of this experience have since been documented, implemented in tools, spread across the company, and made available to Microsoft’s partners and customers.

A frequently overlooked result of the same events which led to the TwC memo: Patch Tuesday. An imperfect solution to a very difficult problem.
