Microsoft earns patching praise from IT execs
Microsoft may take the most heat on security vulnerabilities, but other software vendors need to catch up when it comes to dealing with flaws found in their products, according to users and analysts interviewed last week.
Many credited Microsoft for having made good progress in its efforts to develop a formal strategy for addressing vulnerabilities in the four years since Bill Gates, the company's chairman and chief software architect, announced its Trustworthy Computing initiative in January 2002. But the same isn't true for Oracle and other vendors that are lagging behind Microsoft when it comes to vulnerability discovery, remediation and disclosure processes, the users and analysts said.
"I think Microsoft has developed a strategy and a vision around security and vulnerabilities that they just didn't have a few years ago," said Lloyd Hession, chief security officer at BT Radianz, a New York-based provider of telecommunications services to financial firms. "It's hard to point to a single vendor who is doing a better job."
Policies for responding to the discovery of security flaws are taking on increased importance as database, application and networking software become more prominent targets of cyberthreats that previously were aimed at operating systems, particularly Windows.
