Microsoft's Report Card

Computerworld - Grades ranged from B+ to D- when Computerworld asked IT managers, analysts and security professionals to rate Microsoft's progress on its Trustworthy Computing initiative during the past year. Excerpts follow:

• Charles Emery, senior vice president and CIO, Horizon Blue Cross Blue Shield, Newark, N.J.

Grade: B

Reason: "The automatic updates within the operating system are helpful and timely. Anything that receives as much focus as Microsoft is giving this issue is bound to improve, but sadly, there are people who are constantly trying to find new ways to break in."

• Paul Lanham, senior vice president and CTO, Jones Apparel Group, Bristol, Pa.

Grade: D

Reason: "In the short term, I wouldn't give Microsoft high marks for now focusing on security issues that should have been embedded in their development process to begin with. They have a lot of history to deal with in the short term. Of course, it's easy to criticize their current state, but they at least get a good grade for recognizing the current reality that their market position could erode if basic measures in this area are not undertaken."

• Andre Mendes, chief technology integration officer, the Public Broadcasting Service, Alexandria, Va.

Grade: B+

Reason: "On one side, they have obviously identified a lot of the problems that existed with their legacy environments and have aggressively addressed them. On the other side, there were a couple of occasions where they still reverted to minimizing the criticality of some of the holes."

• Russ Cooper, security consultant, TruSecure Corp., Herndon, Va.

Grade: D-

Reason: "In my opinion, Microsoft hasn't made any perceivable progress in the last 12 months with respect to security. The security bulletin process has been up and down. Their responsiveness has been good and bad. Windows Update has been augmented by a lame sister known as Software Update Services."

• Jason Fossen, a SANS Institute lecturer and president of Fossen Networking & Security, a Windows security consultancy.

Grade: B+

Reason: "Never before have Microsoft's future profits been so at risk by the security or insecurity of their products. Microsoft's entire XML/SOAP/.Net project to make the Web services business model a reality will sink if IT decision-makers believe it is insecure. Microsoft is betting the farm on .Net Web services; hence, they're motivated to shape up, and so far, they're following through."

• Marc Maiffret, co-founder and chief hacking officer, eEye Digital Security, Aliso Viejo, Calif.

Grade: B

Reason: "At least when Microsoft makes a claim that they are doing something about security, they are making a little bit of effort. I wouldn't say it's enough to where it needs to be. But the effort they're putting into it is far more than other companies out there. I'd give almost every software company out there an F."