
'Results, Not Resolutions' | Schneier and Shostack on Gates memo


Jeremy
Topic: Computer Security 7:17 pm EST, Jan 26, 2002

As expected, self-described "longtime security expert" Bruce Schneier has responded to the recently published Microsoft internal memo outlining Bill Gates' new-found motivation for security.

Schneier gets it mostly right. He rightly points out that trust must be earned. He champions simplicity in design and implementation. He identifies as problematic the commingling of data and code, asks for "rigid separation", and wants scripting features removed. This sidesteps the issue of insufficient user understanding regarding security, which is something no one is likely to solve any time soon.

But he also wants to put a stop to SOAP and clarify blurred distinctions between local and remote resources. This runs counter to the promise of distributed computing and is increasingly irrelevant when users' data and applications are remote, anyway.

In short, Schneier wants Microsoft to make a lot of changes that will upset, frustrate, and alienate the average customer, at least in the short- and mid-term. Although the results may be long-term positive for users and industry, Microsoft will suffer for a while. There is no easy way to quickly deploy secure infrastructure and convince users to give up things to which they've become accustomed. Schneier briefly acknowledges the business cost of his recommendations. It's important to see that what works for Sun with Java may not be feasible for Microsoft with XP and .Net. Java is mostly free, and is ultimately intended to sell more Sun hardware. The code is all Microsoft has to offer; this fact necessitates a different approach.

Schneier asks Microsoft to open-source Windows and Office, but stops short of expressing an interest in reading the code.

"Making security Microsoft's first priority will require a basic redesign of the way the company produces and markets software. It will involve a difficult cultural transition inside Microsoft. It will involve Microsoft setting aside short-term gains in order to achieve long-term goals."
