Software security come standard
In the old day, software security is not a feature, is not a selling point and is not something people care about. People install their software into their own computer and the most important thing is that it work. People even can tolerate the application crash from time to time. For example, when you buy a DVD writing application, as long as it can write something in the DVD, you are happy
Then, it come to a day people start to care about the quality of the software, the don't only want to buy a piece of software with 10 features, they want their software to be reliable and easy to use. For example, when you buy a DVD writing application, you are not only want it be able to write DVD, you want it to be easy to use and work without any issue.
Nowadays, a lot of company could write software with a lot of functionalities, however, not every company can guarantee the quality of their software. It is kind of like when you buy a car from BMW, you know there is certain quality involve, it is not only a car from company ABC.
With more than 7 years working in Microsoft, I clearly saw the improvement on software quality of all Microsoft product. Do you know how many quality check point we need to go through to be able to ship a product? I am working in Linq to SQL team before, do you know how many tests we have wrote to ensure the quality of it? It is closed to a million... I will not claim the product is bug free, however, I am confidence and comfortable using the product shipped by Microsoft.
MS used to have a not so good reputation on software security, however, I don't think MS product is not secure, it is mainly because our product have wide audience base.
I am glad that I have chance to see how MS trying to improve the security story of its product and participate into. We created something call Security development lifecycle (SDL) which is a self evolve process. It helps us to make security to be part of the every product we shipped. I am also not claiming we will have zero security bug, however, with SDL in place, our product will only become more secure every day.
I know that there are someone who joke about the security feature in the MS product.However, security feature is similar to "backup/restore", you will only know that you need to do it when there is something happened.
By using SDL, MS if not already the leading company in security space, it will become the leading company in security space very soon. And it will help the industry to make security become standard feature on all software application in the market.
