Friday, June 17, 2005

Security features for fun and profit

(I posted a version of this on Slashdot as a reply to someone's comment expressing doubt about Microsoft's true level of interest in shifting their corporate focus to securing their software).

To Microsoft, security is about features. A builtin "firewall", VPN, encryption of this or that, trusted something or other. Applets and wizards.

They're basically stuck in that position, too. The cash cow is actually layer upon layer of such features, fundamentally designed for a different, and far less ambitious, job than it's now asked to perform.

I'd better stop, or I'll go into full-on rant mode. Oops, too late.

Windows needs a complete rewrite, but that's not enough. If they did that now, they'd wind up with the same sorts of problems they currently have.

Even a total refocus on security is not enough. They have to change who they are as a company.

It's my understanding that at Microsoft, as at many software companies, the prestige and resources allotted to a group of programmers is determined by how much revenue their piece of the product will produce.

To make software customers can trust, they will have to change that mindset.

To a software business the value of a product can be measured by how much money it makes, but it's an unholy error of the stupidest freshman sort to value individual parts of the design by how much they'll bring in. Some parts are so essential, and some phases of design so vital, that without proper attention paid to them the overall product falls on its face.

The marketplace doesn't know enough about the inner workings of your product to tell you what value to place on any particular phase of design. The market (eventually) tells you how well it likes the finished product versus your competitor's, but hidden design processes aren't part of the comparison.

Security has got to be considered at every step of the design process. It follows along with robustness, portability, scalability, and overall algorithmic soundness.

I have a suggestion for you Microsoft design managers out there, for the next time your boss says, "Hey, let's make [X] really easy - that would really sell!". Don't just nod. Look at them and say, "Maybe, but it would also be simple to exploit."

The response will tell you how far the focus has really shifted.

2 comments:

Alex Zhao said...

Unfortunately, there are 2 fundamental problems:

1. Microsoft values backwards compatability a LOT. Absolutely everything must work with everything before it or as much as possible.

2. If Microsoft tried this, then another company would step up, feature cram their products, and win.

Remember, the general users these days don't mind security flaws as much as they mind lack of features.

michelfisher34102720 said...

I read your blog, and i thought it was rather cool. check out My Blog
Please Click Here to view it

Have a great day.