diTii.com Digital News Hub



Microsoft Security Guru Explains His Take on Security

“What is it that makes security hard?” is a rhetorical question that Microsoft security expert Michael Howard has asked on his blog. The title he proposes for himself is “A Simple Software Security Guy at Microsoft!” but that is obviously not the case. “Writing Secure Code” is perhaps his best-known book, but not the only one covering security issues.

Howard has now proposed an answer to a question that he has heard over and over again, in different forms: “why can’t you guys simply fix the security problem?” or “reliability and scalability problems are understood and solvable, why can’t you do the same with security?” or his favorite variant, “what the heck keeps you interested in security when it seems you’re fighting a ‘no-win’ battle?”

Howard sees two aspects that constitute the difficult side of security. “Scalability and reliability issues are man-vs-machine and machines are stupid. Security is man-vs-man and humans are intelligent,” said Howard.

The difference is that on one side there is no contest, while the other raises the most complex challenges. At the root of this status quo is the fact that there is no example of perfect, foolproof code.

“This security stuff is an ongoing arms race and chess game, and each side is constantly trying to outwit the other. We raise the bar, and the attackers then spend time trying to defeat that bar. So we raise the bar again, and so on. With reliability and scalability, we can understand the “adversary” and that’s that. The “enemy” won’t adapt to defeat you,” Howard added.

As you can see, Howard has a different take on the matter. While it is generally believed that security is one step behind cybercrime, according to Howard, attackers simply adapt to increasing standards of security.

“To be honest, it’s this on-going intellectual battle that keeps me coming back to security, but it also means that no-one will ever build 100% secure computer products and this is why we update the Security Development Lifecycle (SDL) twice a year as we learn new attack and defense techniques,”


Microsoft, Security, Article, Michael Howard
