| Platform component |
Grade |
Rationale |
| Windows (application layer) |
B |
A good patch process helps make up for mistakes of the past. |
| Windows (kernel layer) |
B |
Openness helps protect a small area of risk that can have huge implications. |
| Development environment |
C+ |
Making a start, but otherwise leaves it up to developers and ISVs. |
| Security tools |
B+ |
Firewalls, adware identifiers, and other tools enable IT professionals to manage their own security. |
| Responsiveness |
A- |
Doesn't waste time in delivering fixes to critical vulnerabilities, but argues for secrecy until it creates those fixes. |
| Effort |
A |
The resources available for learning about, addressing, and managing security are large and growing. |
Table 1 Does Microsoft Security Make the Grade?
It's been four years since Microsoft announced the Windows Security Initiative and reinvented itself as a security-conscious company. In the interim, it has made progress on some significant issues, while it still has a lot of work to do on other issues. Notably, one of the biggest security holes remaining in Microsoft's platform is in its developer tools, and Visual Studio specifically.
|