Visual Studio .Net first to pass new MS security audit

Visual Studio .Net first to pass new MS security audit

One of the back stories of the launch of Visual Studio .Net is that this is the first product to pass the security audit tests recently mandated by company Chairman Bill Gates.

In the instance of Visual Studio .Net, the audit consisted of a manual process by which the developers of the product searched for holes in the product against a database of known security problems.

Given the current stage of development for these products, a basic review against known problems is all the company can realistically do.

Long term, Microsoft hopes to deliver an automated process for delivering fixes to security problems to enterprise customers, said Barry Goffe, a product manager in the .Net Server Group. In theory, each customer would have a dedicated server to which Microsoft could distribute updates. Customers could then decide which updates to deploy based on the seriousness of the issue.

Microsoft also plans to improve the navigation of its Web sites to make it easier for customers to track and download security fixes.

Industry analysts said Microsoft's security problems were not something that could be fixed in the near term.

"It's going to take a while to work through the product sets," said Rob Enderle, research fellow at Cambridge, Massachusetts-based Giga Information Group Inc. "They need an automated process (for security fixes) because the products are so complex."

The widespread attacks on Microsoft products, coupled with the company's until-now-piecemeal response, has made Microsoft a popular hacker target, Enderle said.

"The fact is that much of the problem is the level of attack they are under," he said. "They can mitigate a great deal of the problem (with an automated process) so only professionals can break in, and then only after considerable effort.

"Until they put that (automated process) in place, they won't be able to certify at an acceptable level of protection, even for them," he added. "As far as software goes, nobody on the planet can do it better than Microsoft. The problem is until now they haven't been focused."

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments