Craig Mundie has an interesting point of view:
Asked why it has taken Microsoft 25 years to get trustworthy computing into the forefront of its efforts, [Mundie] said, "Because customers wouldn't pay for it until recently."Funny. Other software vendors don't guarantee the security of their software, but make a very strong effort to harden it, and act responsively (and responsibly) when security bugs are found. This is just an accepted fact of life with many critical free/open source software projects.
Now Mundie is saying that they're not going to take responsibility for the buggy nature of their software, and charge more for critical security fixes?
The really sick part is that Windows likely won't be secure until it incorporates manditory access controls (MAC), like those being researched at the NSA in the SE Linux project, or implemented as part of the TrustedBSD project. Yes, that's the same SE Linux project that Microsoft is trying to squash. Go figure.
(via news.com.)
