For years Microsoft has been known as, amongst other things, an easy target for hackers. Products were so infested with vulnerabilities that Bill Gates once ordered all engineers to stop writing code for a month and focus this time to fix bugs in software they had already built.
But, Microsoft seems to have cleaned up its act, they’ve even impressed security specialists like Mikko Hypponen, chief research officer for F-Secure who used to cringe at Microsoft’s development practices. Mr. Hypponen said, “They’ve changed themselves from worst in class to best in class. The change is complete. They started talking security very seriously.”
Still, online hacking has become even more startling, such as the theft of personal data from millions of Target customers and terabytes of private emails from Sony Pictures Entertainment (both companies use Microsoft products). Even though Microsoft hasn’t been blamed for allowing these attacks, critics insist that the tech giant should do even more to make digital systems resistant to breaches.
Soon after becoming Microsoft’s chief executive in February 2014, Satya Nadella instituted a monthly meeting with security leaders from across the company. The meet to discuss industry trends and analyze threats. Microsoft’s security managers are now moving into the same facility after being scattered around the company’s campus in the Seattle suburb.
There are still plenty of bugs being discovered in Microsoft’s code. But some of the fears about the security of their programs have gradually subsided.
There is no doubt that Microsoft has made preventing hackers a priority. The latest version of their operating system, Windows 10, has a feature called Windows Hello that allows people to log into a PC with a scan of their finger, iris or face instead of using a password –weak passwords are a common cause of data breaches.
Read Article (Nick Wingfield | nytimes.com | 11/17/2015)
Microsoft should have addressed their coding vulnerabilities long ago, focusing for a month definitely isn’t enough. Their development process should have included a task element that addressed these issues.
Master Level High-Tech Webinars