Archive for Friday, August 4, 2006

Microsoft to hackers: Try to break Vista

August 4, 2006

Advertisement

— After suffering embarrassing security exploits over the past several years, Microsoft Corp. is trying a new tactic: inviting some of the world's best-known computer experts to try to poke holes in Vista, the next generation of its Windows operating system.

Microsoft made a test version of Vista available to about 3,000 security professionals Thursday as it detailed the steps it has taken to fortify the product against attacks that can compromise bank account numbers and other sensitive information.

"You need to touch it, feel it," Andrew Cushman, Microsoft's director of security outreach, said during a talk at the Black Hat computer-security conference. "We're here to show our work."

Microsoft has faced blistering criticism for security holes that have led to network outages and business disruptions. After being accused of not putting enough resources into shoring up its products, the software maker is trying to convince outsiders that it has changed.

"They're going directly to the bear in the bear's lair," says Jon Callas, the chief technology officer at PGP Corp., which makes encryption software and other security products. "They are going to people who don't like them, say nasty things and have the incentive to find the things that are wrong."

Due early next year, Vista is the first product to be designed from scratch under a Microsoft program dubbed secure development life cycle, which represents a sea change in the company's approach to bringing out new products.

A security team with oversight of every Microsoft product has broad authority to block shipments until they pass security tests. The company also hosts two internal conferences a year so some of the world's top security experts can share the latest research on computer attacks.

Comments

Use the comment form below to begin a discussion about this content.

Commenting has been disabled for this item.