This is a tough bar. Security often cannot be prioritized alone. You have to have solid architecture and fix bugs because any bug can have potential security impacts. Your code has to be not garbage.
Technology has evolved at faster than we’ve been able to secure it and now we’re paying the price with enterprise and state level breaches, and global annual internet fraud at an all time high.
And not just software but physical goods too. We’ve produced without any consideration for end of product life cycle management and now we’re in a plastic crisis.
Completely different spheres of society but so similar in so many ways.
Judging by the last month of our Microsoft 365 tenant at work, they have plenty of room to improve. (Maybe by expanding in-house QA instead of relying on their customers.)
One of the several issues we ran into in the last few weeks was that you couldn’t download or view attachments in the Outlook Web app if you’d been logged in for over 10ish minutes.According to the official advisory, this was due to “code put in production designed to increase reliability.” That was a funny way of making things reliable. It was over a week until they’d pushed a fix for that one - right around the time more Outlook issues started popping up.
So yeah, while I agree with you that this might be tough - it might just be the best move they’ve made in a while. Maybe it’ll cause them to pay more attention to fixing bugs, and focus less on solving problems no one has. (Apparently we, as customers, have been dying for an AI button on our keyboard, to easily access an AI feature now baked into the taskbar.)
And in Microsoft’s case you also have to preserve backwards compatibility. It’s one of the reasons the OS continues to dominate despite how it treats its users.
This is a tough bar. Security often cannot be prioritized alone. You have to have solid architecture and fix bugs because any bug can have potential security impacts. Your code has to be not garbage.
Which is exactly why security should be on the executive agenda.
Tough but necessary. Irrefutably necessary.
Technology has evolved at faster than we’ve been able to secure it and now we’re paying the price with enterprise and state level breaches, and global annual internet fraud at an all time high.
And not just software but physical goods too. We’ve produced without any consideration for end of product life cycle management and now we’re in a plastic crisis.
Completely different spheres of society but so similar in so many ways.
Judging by the last month of our Microsoft 365 tenant at work, they have plenty of room to improve. (Maybe by expanding in-house QA instead of relying on their customers.)
One of the several issues we ran into in the last few weeks was that you couldn’t download or view attachments in the Outlook Web app if you’d been logged in for over 10ish minutes.According to the official advisory, this was due to “code put in production designed to increase reliability.” That was a funny way of making things reliable. It was over a week until they’d pushed a fix for that one - right around the time more Outlook issues started popping up.
So yeah, while I agree with you that this might be tough - it might just be the best move they’ve made in a while. Maybe it’ll cause them to pay more attention to fixing bugs, and focus less on solving problems no one has. (Apparently we, as customers, have been dying for an AI button on our keyboard, to easily access an AI feature now baked into the taskbar.)
And in Microsoft’s case you also have to preserve backwards compatibility. It’s one of the reasons the OS continues to dominate despite how it treats its users.
“Not garbage” seems like a low bar to overcome for a company with such long experience. 😅
Yet here we are… 🙄
Well, going from ‘hot garbage’ to ‘not garbage’, they have a long road ahead.
But we just bought tool X that is ISO certified AND soc2. How are we not secure yet? Does the tool not work?!?