Microsoft Makes Fun Of Cigital
from the I-know-you-are-but-what-am-I? dept
Ah, mudslinging. Last week there was the kerfuffle (my new favorite word) over Cigital’s pointing out a security flaw in Microsoft’s .NET compiler. The problem, according to Microsoft, is that Cigital went public with the flaw without giving them much of a chance to fix it. Today, Microsoft struck back in about as childish a way as they could. A VP from Microsoft publicly announced a flaw he found in a Cigital product. Yes, this looks like schoolchildren bickering.
Comments on “Microsoft Makes Fun Of Cigital”
Hey - children behave better than that!
Well, I wonder how big the bonus was for the first person to uncover a bug in a Cigital product. No wonder people think of Microsoft as arrogant. But if the shoe fits…
ah, so easy to take potshots.
it’s ok for people to find flaws in MS’s gear, but not in others?
this place is as anti-MS as /. how sad.
Re: -1 Troll
Heh. Well, I know you’re having fun trolling today, but it’s worth a response. I have no problem, in general, with Microsoft finding a flaw in someone else’s product. I have no problem, in general, with anyone finding a flaw in anyone else’s product, if it then makes that product better.
However, it appears that Microsoft’s move here was purely vindictive for Cigital’s action.
Re: Re: -1 Troll
Don’t be absurd – and that’s not at all what I said. Of course Cigital is fair game – especially if you are going to make your living pointing out insecure software you have to be prepared for the possibility that somebody is going to find a flaw in yours. Fair enough.
But this incident demonstrates that – Trustworthy Computing notwithstanding – Microsoft still views security problems as PR problems, not product problems. The company’s first response was that this was a narrow technical issue (try to diminish the perceived severity), then they pitched it as a feature (obfuscate the issue), then they said it was just sour grapes (discredit the opposition). Since Cigital had spoiled their coming out party, they took the extra step to find a bug they could try and embarrass Cigital with…if you think that it was just coincidence they found the Cigital bug in a matter of hours, I’d suggest you’re a bit gullible.
Microsoft had the opportunity to discuss this and make their case in a calm, informed, adult manner. They didn’t.