“My name is Microsoft and I have a problem.” That could be the introductory statement of the company at the group meeting of ISVs With Legacy Systems Full of Security Holes Anonymous.
In a recent article, eWeek talks about Microsoft’s push into application security and security best practices.
In the process of building its newly launched Windows Vista OS, the Redmond, Wash.-based software maker employed a new vulnerability detection process labeled SDL (Security Development Lifecycle), that claims to have greatly reduced the number of holes in its products, and which will also serve as a foundation for the firm’s nascent applications security business.
I’ve written that we’ll see more and more of this type of behavior from large ISVs as they realize security can be a competitive advantage.
Other examples from large vendors: Oracle gets behind the Common Vulnerability Scoring System (CVSS), followed by Cisco. Oracle is getting great feedback from customers about this move, according to the Oracle Security Blog.