Dana Epp has a fascinating post about Microsoft’s security development lifecycle:
In the past decade it has been easy to slag Microsoft for their stance on security. It has appeared that the drive for profits has always trumped the safety and security of the code. When Microsoft decided to STOP development and retrain the ENTIRE development group about secure programming, many in the industry brushed it off as a PR stunt. But as I pointed out early last year, if we look at what Microsoft has been doing as of late, we can see that they have made significant changes to build a foundation for a more secure computing experience.
Read the whole list, and bear in mind that Dana Epp knows security issues better than just about anyone. His perspective is a fascinating one here. I’m not a slavish Microsoft booster, and in fact I have been critical of some recent decisions they have made that are not consistent with their stated security goals. But anyone who thinks that Microsoft hasn’t made huge progress on security in the past four years simply isn’t paying attention.
This is the main reason you can expect that Internet Explorer 7 will be a very big deal and not a simplistic bunch of cosmetic fixes. Just watch…