IT security specialist Fortify Software believes that, despite Microsoft’s slip from pole position in IBM’s X-Force security reports throughout 2007 to third now, the company is dong well.
“Normally, a slip in the charts is a bad thing, but this time around it’s a positive move, as it suggests that Microsoft’s investment in an SDL [security development lifecycle] is paying off,” says Brian Chess, Fortify’s chief scientist.
“We’re glad that Microsoft accepts the Business Software Assurance religion, which recognises security is not simply a product: it must be complemented with processes and expertise,” he says.
However, he has a warning: “As Microsoft becomes a harder target, the pressure is transferred to smaller players: there are just as many, if not more, attackers out there as there were in 2007, but now they’re spending their time looking at a greater diversity of software. Software security is everybody’s problem. Microsoft can’t rescue us.”