Microsoft: Engineering Insecurity

February 11, 2022

I read the happy words in “Former Amazon Exec Inherits Microsoft’s Complex Cybersecurity Legacy in Quest to Solve ‘One of the Greatest Challenges of our Time.’”

Bringing together existing groups from across the company, the new organization numbers 10,000 people including existing and open positions, representing more than 5% of the tech giant’s nearly 200,000 employees.

Microsoft has 200,000 employees and 10,000 of them are working to deal with the “greatest challenge” of our time. How many might be willing to share information with bad actors for cash? How many might make a coding error, plan to go back and fix it, and then forget? How many are working to deal with the security issues which keep Steve Gibson chortling when he explains a problem for a listener to the Security Now podcast?

Now that macros have been disabled a massive security issue has been addressed. Quick action which took more than two decades to wrestle to the ground. Plus, there’s the change in what one can permit Defender to defend. This is an outstanding move for those who locate and test specialized service software. Helpful? Well, sort of.

But the big things to me are update processes, Exchange, the the MSFT fluggy clouds. For me, no answers yet.

Some of the security issues are unknown unknowns. I am not sure there is a solution, but a former Amazon executive is on a quest just like those described by the noted futurist Miguel de Cervantes Saavedra who described the antics of an individual with certain firmly held ideas about windmills.

Stephen E Arnold, February 11, 2022


Comments are closed.

  • Archives

  • Recent Posts

  • Meta