Microsoft Makes Fun Of Cigital
from the I-know-you-are-but-what-am-I? dept
Ah, mudslinging. Last week there was the kerfuffle (my new favorite word) over Cigital’s pointing out a security flaw in Microsoft’s .Net compiler. The problem, according to Microsoft, is that Cigital went public with the flaw without giving them much of a chance to fix it. Today, Microsoft struck back in about as childish a way as they could. A VP from Microsoft publicly announced a flaw he found in a Cigital product. Yes, this looks like schoolchildren bickering.
Comments on “Microsoft Makes Fun Of Cigital”
Hey - children behave better than that!
Well, I wonder how big the bonus was for the first person to uncover a bug in a Cigital product. No wonder people think of Microsoft as arrogant. But if the shoe fits…
-1 Troll
ah, so easy to take potshots.
it’s ok for people to find flaws in MS’s gear, but not in others?
please….
this place is as anti-MS as /. how sad.
Re: -1 Troll
Heh. Well, I know you’re having fun trolling today, but it’s worth a response. I have no problem, in general, with Microsoft finding a flaw in someone else’s product. I have no problem, in general, with anyone finding a flaw in anyone else’s product, if it then makes that product better.
However, it appears that Microsoft’s move here was purely vindictive for Cigital’s action.
Re: Re: -1 Troll
Don’t be absurd – and that’s not at all what I said. Of course Cigital is fair game – especially if you are going to make your living pointing out insecure software, you have to be prepared for the possibility that somebody is going to find a flaw in yours. Fair enough.
But this incident demonstrates that – Trustworthy Computing notwithstanding – Microsoft still views security problems as PR problems, not product problems. The company’s first response was that this was a narrow technical issue (try to diminish the perceived severity), then they pitched it as a feature (obfuscate the issue), then they said it was just sour grapes (discredit the opposition). Since Cigital had spoiled their coming out party, they took the extra step to find a bug they could try and embarrass Cigital with…if you think that it was just coincidence they found the Cigital bug in a matter of hours, I’d suggest you’re a bit gullible.
Microsoft had the opportunity to discuss this and make their case in a calm, informed, adult manner. They didn’t.