Slammer Worm: Code Red Deja Vu

Just as 2001’s Code Red worm forced the Windows product group to seriously reexamine its approach to security issues, the Jan. 25 Slammer worm has served as a wake-up call for Microsoft’s SQL Server product team. Slammer points out the difficulty in driving changes to development practices across a company as diverse as Microsoft, and leaves customers with the concern that each product group might have its own crisis before customers see the benefits of Microsoft’s security focus.

A Framework for Measuring Progress

The timing of the Slammer attack was particularly unfortunate for Microsoft, occurring days after Chairman and Chief Software Architect Bill Gates sent an e-mail to customers entitled “Security in a Connected World,” and Mike Nash, corporate vice president of the Security Business Unit, gave a speech entitled “Microsoft Security Customer Road Map 2003” as part of Microsoft’s Silicon Valley Speaker’s Series. These events marked the one-year anniversary of Trustworthy Computing, a companywide initiative to improve the security, privacy, reliability, and business integrity of Microsoft and its products.