OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Security settings to disable IE 5.5/Outlook security vulnerability - com.ms.activeX.ActiveXComponent
From: Ed Bradford/Raleigh/IBM (egbUS.IBM.COM)
Date: Thu Oct 05 2000 - 14:16:33 CDT

I received some comments on my 856 person year estimate. Some people have
missed the point.

The question isn't whether Georgi or anyone else is acting ethically. The
note pertains to
adequate testing of software. With the quantity and severity of the
security related bugs
emanating from Redmond one would think that the message would be clear. It
was clear two years
ago. With Netscape having lost the browser war, that leaves only Redmond in
focus as
the primary Internet Desktop. It is the responsiblity of a vendor of such
an overwhelming majority
of desktop environments to deliver high quality.

That is not being done. I suggest you rethink your testing and shipping
schedules with an
explicit goal raising quality to the highest priority. Set a goal of moving
from 70 security incidents per
year (so far this year) to only half that many next year. Don't ship
products before their time. Fully
document your security API's. If you make your goal for next year then set
the goal for the following
year to be half again.

Raise this goal to be the highest priority in the company; higher than
shipping Whistler on time; higher
than shipping dot net on time; higher than everything else. Look what
raising quality standards has
done for Ford Motor company.

Remember, with a monopoly, there is no lower limit to quality. Fix that
problem and you win friends
and customers minds. By the way, Ford is quite profitable also.

Ed

_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net