Microsoft's security push costs $100 million
At the Microsoft Tech Ed conference in Barcelona, David Thompson, VP of the Windows Server Products Group, has given a view of how much the company has put into its security push. The man-time alone, it appears, has cost around $100 million, and that is just within his group.
Much of the effort, it would seem, has gone into changing the mindset of Microsoft's developers. Instead of looking to write 'cool' code, they are now expected to write 'secure' code. This appears to confirm many of our worst fears about Microsoft coders of the past -- that the need for properly engineered code was not previously recognized as a priority. Thompson added fuel to this line of thought by stating that 5000 Microsoft staff spent February and March learning about security -- an implication that they didn't know anything before that time?
We should, of course, take these comments in the spirit that they were meant. Microsoft has recognised that it needs to understand security better and it has invested massively to ensure that its developers are able to build better products. The end result will be better for the large number of businesses that are trying to build their systems on the .NET framework.
Microsoft has concentrated heavily on the management issues and provides extensive support for PKI along with a strong focus on authentication and policy-based administration. A lot of effort has also gone into the publication of Web services with UDDI. As a combination, all of these features point strongly towards extended use of Active Directory technology.
The overall hit that Microsoft has taken is much greater than the $100 million stated. Other product development groups have made similar investments in man-time and training, and the product delivery schedules have all been dragged back by a few months.
The point is that, for Microsoft, this was an investment that it had to make if .NET is ever going to have the credibility needed to support distributed business systems. It cannot encourage businesses to open up their applications through Web services and then put them at risk from hackers or denial-of-service attacks.
The big hope for us all has to be that this newfound 'secure' coding skill will translate into proper software engineering and that the products that we buy from Microsoft in the future will be robust enough for mission-critical activities. We can but dream.
Copyright 2002 IT-Director.com