Microsoft Exec: Our Products Just Aren't Engineered For Security

The soothing feelings that many get from Confession must surely be settling over some in Redmond. Brian Valentine, the senior VP of Windows development for Microsoft, recently owned up to something the rest of the world has long known: the companyis products arenit built for security. InfoWorld has published an article detailing issues of Microsoft security that includes a quote from Mr. Valentine delivered to a group of Windows developers concerning this issue. From the article:

"Iim not proud," Valentine said, as he spoke to a crowd of developers here at the companyis Windows .Net Server developer conference. "We really havenit done everything we could to protect our customers ... Our products just arenit engineered for security."

This subject was first broached by PBS columnist Robert X. Cringely in a piece about a TCP/IP conspiracy (read the original piece from Mr. Cringely at PBSis Web site, as well as commentary on the subject from our own Bryan Chaffin and Rodney O. Lain). In that piece, Mr. Cringely said that not only has Microsoft never worked to make its products secure, but that the company was deliberately doing so in order to ready the world for a Microsoft-owned TCP/IP replacement.

There is more information in the InfoWorld piece that takes a very balanced look at Microsoftis security efforts, and we found it to be a good read.