How to improve OS and browser security
At a CIO roundtable that I attended a few months ago, one CIO suggested that the OS developer and the security software vendor should work together right from the initial stages of OS development. This, he argued, would “harden” the OS kernel and hence make the OS more secure.
Traditionally, OS and browser code has been buggy, leaving systems exposed to attack until the vendor ships a fix. Security software developers have had to step in and create a “shield” to protect unpatched systems in the meantime. But what if the OS developer spent more time testing its OS in live business environments and invited (ethical) hackers to look for vulnerabilities? What if business users could report weaknesses in the OS at the testing stage itself? What if the developer listened to those reports and issued patches promptly?
We know that this is common in the Open Source community, because of the inherent nature of its development model: the code is open to scrutiny and fixes can come from anyone. What results could we expect if commercial software vendors tried the same approach?