Microsoft Corp. pours more money into software security than any other
major vendor both because it has to and because it can. Yet for all the
investments in security, the number of vulnerabilities discovered in
the company’s products has increased over the years, prompting
questions over whether the company has reached the limits of its
ability to debug software.
However, in this interview with Computerworld, Microsoft senior director of security engineering Steve Lipner makes the argument that the high flaw count means that the company’s Security Development Lifecycle (SDL) approach is working
as it was meant to and is a sign of success at Redmond. Read the full interview [infoworld.com]