Wresting free from a software straitjacket

There's an interesting article over at C|Net about security in general, and Microsoft and the SDL in particular. One thing the author points out as important is BillG's Trustworthy Computing memo.

IMHO, here's why such an email is so important. If you don't get the senior management team to buy off on this security engineering stuff, you will make no real progress. Sure, you might win a few battles along the way and squish a few bugs, but you can't make wholesale changes and real progress unless the senior execs know there is a difficult problem to solve, and are then willing to spend time and resources on the problem.

Some of our competitors have pooh-poohed Bill's TwC memo as a marketing ploy. It isn't. It's a battle cry and a call to action.

Comments

  • Anonymous
    November 30, 2006
    Heh, well we all know Oracle's track record when it comes to security. Why worry about security when you're "unbreakable" anyway?

  • Anonymous
    November 30, 2006
    Definitely. I'd usually say that THE most important item on any security strategy for a company is senior executive buy-in, because without that you'll be fighting competing business priorities every step of the way. And to start improving things you've got to admit you've got a problem, so you can see where Oracle are going wrong...
