Microsoft earns patching praise from IT execs
Users say some rivals lag behind on fixing flaws, disclosing security info
January 20, 2006 12:00 PM ETComputerworld -
Microsoft Corp. may take the most heat on security vulnerabilities, but other software vendors need to catch up when it comes to dealing with flaws found in their products, according to users and analysts interviewed last week.
Many credited Microsoft for having made good progress in its efforts to develop a formal strategy for addressing vulnerabilities in the four years since Bill Gates, the company's chairman and chief software architect, announced its Trustworthy Computing initiative in January 2002. But the same isn't true for Oracle Corp. and other vendors that are lagging behind Microsoft when it comes to vulnerability discovery, remediation and disclosure processes, the users and analysts said.
"I think Microsoft has developed a strategy and a vision around security and vulnerabilities that they just didn't have a few years ago," said Lloyd Hession, chief security officer at BT Radianz, a New York-based provider of telecommunications services to financial firms. "It's hard to point to a single vendor who is doing a better job."
Policies for responding to the discovery of security flaws are taking on increased importance as database, application and networking software become more prominent targets of cyberthreats that previously were aimed at operating systems, particularly Windows.
For instance, more than one-third of the top 20 Internet security vulnerabilities listed by the SANS Institute as part of an annual report released in November involved flaws found in application, security and data backup software.
Earlier this week, Oracle released a quarterly roundup of software patches designed to fix 82 vulnerabilities ¿ many of them rated "critical" by the company (see "Oracle releases patches for 82 flaws"). Cisco Systems Inc. also issued patches this week for several flaws affecting its routers and Call Manager software (see "Cisco patches a number of products"). And EMC Corp. released patches for its NetWorker backup software to fix security problems that could lead to a system crash or unauthorized remote access (see "Backup software sees exploit, patches").
Such disclosures highlight the fact that Microsoft isn't the only vendor with security problems, although it often gets the most criticism, said Steven Gelfound, IT director of the National Center for Missing & Exploited Children in Alexandria, Va.
"They're just in a situation where everyone is gunning for them," Gelfound said. "[But] it's not that any one operating system or application is more secure than the other. Given enough time and computing resources, you can crack just about anything out there."
In fact, based on information provided by each of the vendors, Microsoft disclosed a total
Viruses
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Share our Strength
Download Now
Key Strategies for Managing Data Growth
What are you storage challenges?
Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.
Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!
Eradicate Spam & Gain 100% Asurance of Clean Mailboxes
Get this paper now!
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Not Just Words: Enforce Your Email and Web Acceptable Usage Policies
Get this paper now!
Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!
