Skip to content

Trustworthy computing: non-SDL view. Part 2: non-corporate.

Trustworthy

Do you think my latest post was about corporate products because only corporate products are subject to not being designed to be secure in deployment? No, consumer ones are built the same way. Say, the famous story about Windows Live Mail and Live Mail’s SSL. Till the recent changes you weren’t able to use both of them. Either you expose your communication without using SSL or you couldn’t use convenient client. I was very glad to receive the ability to use them both.

To sum up: we have excellent products, which aren’t exploitable in the most of the cases through their functions. Still those products don’t have all the necessary abilities to be incorporated into the strict environment. Some things are being changed, some not, but still there is many possibilities to do it before I or any other user discovers the problems in our own network.

I’m glad that Microsoft is on steady way to improve those things, but I want them to do some things prior the RTM. Do you remember any cases, similar to what I described in these two blogs?