I recently spoke with some MS Security Execs and I know they wouldn't argue with this point. They know they have to improve and are working hard to do so. It would have been nice had they started this work 10 years or more ago but thankfully they have started now.
Someone asked me to describe what I saw and heard about when I went out to Redmond to check things out recently and all I could really say is they are ramping up fast in the backend but it takes a while to spin things around when you have so many people using your product in so many ways. They truly have a ton of cool stuff they are working on and I personally had no understanding of how much was going on behind the doors and was quite surprised to see what I saw and how honest they are being about things internally. They aren't just standing there telling each other they are the greatest and all of this will just go away on its own. I realize from the outside it can look that way; I certainly had my own thoughts that way at times. It was good to see and hear that the IE team is pretty raw about the edges over the issues that have occurred over the last few years (as well they should be) and internally MS sees this and knows it and is working to correct.

One thing that was asked for is that they move faster and release tools in an initially unsupported way to get the feedback sooner so the end results can be better. Right now they have a tendency to hold things close to chest for a long time testing and worrying and wanting to try and catch all possible issues so that they don't release something and get beaten up by a bunch of boneheads looking to hear their own name on lists and news broadcasts. This means a lot of stuff that they possibly have answers to doesn't see the light of day until a considerable time after the initial punch in the gut. I personally would be fully happy if tools were put out that were described as unsupported at the moment but we are working on finalizing it and releasing it in a supported manner. Then if a problem is found, feedback is given to MS properly and not a FD post of "oh my god MS sucks because they are so stupid and I figured it out because I am so L33T, etc etc ad nauseam" which this list in particular is SOOO good at.

Some of the people around here shouldn't be able to breathe they thump their own chest so hard and so much. Many of the others have no clue what they are talking about and simply reiterate anything they thought they heard that might be bad that they heard from someone much brighter than them.

  joe

--
Pro-Choice
Let me choose if I even want a browser loaded thanks!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Towles
Sent: Tuesday, November 16, 2004 9:19 AM
To: joe; [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] IE is just as safe as FireFox

Microsoft made a bold step by changing security in SP2. It was going to break stuff...and it was stupid to see people yell about that. They told us it would, we knew it would. I am glad to see they are starting to take steps toward a better system, but Microsoft has room for improvement to say the least.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html