this is what Microsoft did 12 years ago to make the most secure software processes today
2002 the famous memo and this is the part that I like most
"There is a lot of excitement about what this architecture makes possible. It allows the dreams about e-business that have been hyped over the last few years to become a reality. It enables people to collaborate in new ways, including how they read, communicate, share annotations, analyze information and meet.
However, even more important than any of these new capabilities is the fact that it is designed from the ground up to deliver Trustworthy Computing. What I mean by this is that customers will always be able to rely on these systems to be available and to secure their information. Trustworthy Computing is computing that is as available, reliable and secure as electricity, water services and telephony.
Today, in the developed world, we do not worry about electricity and water services being available. With telephony, we rely both on its availability and its security for conducting highly confidential business transactions without worrying that information about who we call or what we say will be compromised. Computing falls well short of this, ranging from the individual user who isn't willing to add a new application because it might destabilize their system, to a corporation that moves slowly to embrace e-business because today's platforms don't make the grade.
The events of last year - from September's terrorist attacks to a number of malicious and highly publicized computer viruses - reminded every one of us how important it is to ensure the integrity and security of our critical infrastructure, whether it's the airlines or computer systems.
Computing is already an important part of many people's lives. Within ten years, it will be an integral and indispensable part of almost everything we do. Microsoft and the computer industry will only succeed in that world if CIOs, consumers and everyone else sees that Microsoft has created a platform for Trustworthy Computing.
but nobody followed them in this, neither the linux community (now cleaning up mistakes that were at the core of their code for years), nor Apple (discovering now that they have key problems in their root), nor Adobe (just now starting to have some control over all the securityproblems that there new freewheeling features inserted in their pdf and other software that used to be simple but secure) and Oracle (that contrary to Microsoft doesn't deliver databases with all the securitymodules already included or with prices that are going through the roof).
so when you look at the number of hacked sites or attacks against software than it is becoming clear that the rootcore of Microsoft is secure (that is if you upgrade) and that the security processes of Microsoft are efficient (that is if you use them).
Remembering Microsoft in 2001 and up to 2004 and looking at its products now, you have come a long way
but some in Microsoft are fucking it up by thinking first at the 'consumer' and only afterwards about 'security' and 'stability'. I am talking about the most dangerous thing that is happening or being fucked up now and that is the patchprocess. It has always been a multibootprocess between patches with multiple reboots so you could be sure after each install of an essential patch that everything was working fine (and you started with the most critical ones). Now by trying to reboot a machine after nearly all the patches are installed sometimes thing go wrong and nobody understands why and where (because there are so many possibilities). If you could know which patch has some problems than everybody knows where to look for the problem and the solution.