Security Coding Halt, New Hires

Microsoft’s Windows Division has begun a one-month suspension on the development of Windows .NET Server while the development team gets additional security training and starts an ongoing security review of the Windows code base. Microsoft has also filled two key security positions, hiring Scott Charney as chief security strategist and making Mike Nash vice president of security business unit for the Windows Division.

Coding on Hold

Showing that it is taking recent security vulnerabilities and Bill Gates’s “Trustworthy Computing” memo to heart, the Windows Division has halted new code development during Feb. 2002 on Windows .NET Server, the next scheduled Windows version. (For background, see “Gates Puts Focus on Trustworthy Computing” on page 10 of the Feb. 2002 Update.)

During the code freeze, the Windows Division’s program managers, developers, and testers are attending security training based on the recently published Microsoft Press book Writing Secure Code by Microsoft security experts Michael Howard and David LeBlanc. In addition, program managers are reviewing the specifications for their features, developers are reviewing their code, and testers are reviewing test plans and scripts to address security vulnerabilities.