Gartner Blasts Microsoft on Security

Microsoft Corp.'s recall of its Internet Explorer security patch last week prompted analyst John Pescatore of Gartner to direct more withering criticism at Redmond. Pescatore came to prominence last year for his notorious bulletin advising IT managers to consider replacing IIS Web servers with Apache due to security concerns.

The latest Pescatore missive, a Gartner FirstTake issued Wednesday, is called "Microsoft Must Plan -- Not Patch -- for Software Security."

Pescatore's bulletin is pegged to Microsoft Security Bulletin MS02-005, which includes patches for six new IE problems, three of them critical, and also rolls together all current fixes for IE. (See story).

According to the Gartner bulletin, Microsoft announced the patch on Feb. 7 but had to withdraw it until Feb. 11 due to an error in the patch.

"The problems with the latest major Internet Explorer patch shows that Microsoft has made security promises it cannot yet keep," the bulletin alleges.

The promises Gartner cites are an October 2001 vow from Microsoft senior vice president for Windows Brian Valentine that Microsoft would do "whatever is necessary to ensure the process is complete" and the Bill Gates Trustworthy Computing memo of January.

The Gartner bulletin discounts the code review Microsoft has been conducting in February, as well.

Security cannot be “tested” into software; it must be a high priority from the start — during requirements analysis and product planning," the bulletin says. "Microsoft would also do well to order its product management and marketing personnel not to hype the company’s newfound 'security focus' until they can point to some concrete results."

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Office 365 Attack Simulator Now Supports Attachments

    The Attack Simulator in Office 365 tool has been updated and now has the ability to include message attachments in targeted campaigns, according to a Friday Microsoft announcement.

  • How To Disable Touch Input in Windows 10

    When the touchscreen on your Windows 10 laptop goes bad, there's no reason to throw that baby out with the bath water.

  • Microsoft Previews Windows VM Authentications via Azure Active Directory

    Microsoft on Thursday announced a preview of remote authentications into Windows-based Azure virtual machines (VMs) using Azure AD credentials.

  • Windows Server 20H1 Getting Smaller Containers and Faster PowerShell

    Microsoft is promising to deliver a smaller container size and improved PowerShell performance with its next release of Windows Server.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.