TechTarget

Our patch management is 'not good', says Microsoft security chief

Microsoft's chief security strategist has admitted that the company has not yet shown it can reach its own security goals and he slammed its handling of patch management and bug fixes.

Scott Charney made the admission at a US user conference this week and warned that it could be a year before users were offered a consistent patch management approach from the software giant.

The importance of patch management and the problems it poses to corporate IT departments were highlighted last month when the Slammer worm hit businesses hard around the world, even though a patch for the security flaw it exploited had been available for months.

Charney said Microsoft's patch management procedures were "not good today at all".

Microsoft's decentralised management approach, while "wonderful" in many respects, becomes an impediment to effective patch management, said the chief security strategist. For example, the company had eight different patch installers and some tools cannot determine whether a patch has been installed properly or not, he said.

Frustrated users will have to wait for a single patch installer until the release of Longhorn, the next version of the Windows operating system, which is not expected before mid-2004.

According to Charney, Microsoft's Trustworthy Computing initiative has seen the introduction of two added layers of security verification outside of the product groups.

Allowing developers in the product groups to be responsible for security "was like having the fox guarding the henhouse", Charney said.
