Read Satya Nadella's Microsoft memo on putting security first
Comments
jmathai
pjmlp
Reward those that push for cultural changes, ship something in .NET, Go, Rust, Java, that would otherwise keep being done in C++, even though there is no technical reason other than "that is how we do around here".
Sure it doesn't kill all kinds of exploits, but it would already be an improvement.
tocs3
Had a boss some years ago that wrote up a short list of operating priorities. Third thing on the list "Safety First."
jiggawatts
The unstated zero-th rule is always: “Profit first.”
RecycledEle
There are 2 kinds of security:
The first kind of security involves increasing the security for as many people and systems as you can.
The second kind of security involves making your numbers look good by saying "We don't support that any longer."
Microsoft seems interested in the second kind. They are going to ditch support for widely used legacy systems, so they are not blamed when those systems get hacked.
Microsoft should offer support for every Microsoft product ever released that still has 1 million active users. Imagine Microsoft using a single Hyper-V install, then letting you run any Microsoft product that is commonly used for $5 to $25 each. That would pay for a lot of security and profit. Just firewalling the legacy systems in the way Cisco does with ACLs would greatly improve their security. A more comprehensive next-generation firewall would be better. Their software engineers could look at every likely vulnerability for their products, and offer one of several kinds of patches: (1) A firewall patch that makes such exploits unlikely to get through, (2) a patch to the hypervisor that inspects the VM and prevents or removes the exploit, or (3) a patch to the software itself that removes the vulnerability. These could work together, with the software itself detecting the problem and asking the hypervisor to do the cleanup. Using this combination of methods, Microsoft's engineers should be able to deal with every known exploit.
RecycledEle
When I mentioned firewalls, I was not just talking about networking firewalls. USB could use firewalls as well. So could access to network drives.
Microsoft should support ripping disk images and making them into VMs, so that legacy systems can easily be moved into this new secure ecosystem that I propose.
musicale
I don't entirely blame Microsoft (or Intel, etc.) for putting security last; for decades customers, including business customers, have voted with their dollars for shiny, fast, and/or cheap, rather than secure.
There was (and is?) little to no incentive to compete on security. Security is expensive, hard to measure, and generally only visible when it annoys you or when it fails (sometimes catastrophically.)
pjmlp
I look forward to seeing if it finally means .NET will be embraced by WinDev, or they will keep pushing in-proc COM with C++ all over the place.
grumpyprole
Yes, to put C++ first is not putting security first. So which is it?
musicale
Memory-safe compilation (perhaps with hardware support like CHERI) could possibly help a bit.
We may not get it in x86 but I have hope for ARM, which actually had a prototype implementation (Morello).
pjmlp
It is kind of sad that Intel already failed a couple of times having memory tagging.
klysm
Security first unless revenue is first which it always is
musicale
At least nobody has to fly in a Windows plane. Yet.
grumpyprole
The UK has "Windows for Warships" (TM)
musicale
Luckily ships can be towed into port when the software fails.
RecycledEle
Security is impossible as long as governments ask for backdoors.
hulitu
> In some cases, this will mean prioritizing security above other things we do, such as releasing new features
I mean, clearly he has no idea how Windows is working.
The problem with prioritizing security is that it is hard to measure preventing bad things which may happen in the future.
For example, how do you reward employees for investing in security, besides punishing them for security breaches?
I've seen this sort of message come from CEOs but sub organizations optimize for what they're measured against. It's rarely security, tech debt, maintenance, etc.