Microsoft has finally decided to take the vulnerability of its products seriously. The company has decided to incorporate security features in its future products despite an anticipated cost and time overrun in its product development processes.The security drive is also expected to improve the company’s image, which took a severe beating after the Code Red and Nimda attacks on its products. Microsoft Asia Pacific regional technology director David McBride, who is currently in India, said that the company had launched a ‘Security Push’ initiative in its development process. Discloses six flaws in web browser SEATTLE: Microsoft has warned that its internet explorer software contains six flaws, some of which could give hackers access to—and even potentially change—personal information about computer users. The Redmond company, which called the severity of some of the flaws ‘critical’, advised users of explorer versions 5.01, 5.5 and 6.0 to download a patch for the software from the Microsoft web site at www.microsoft.com The security bulletin issued late Wednesday marks the fourth time this year that Microsoft has issued a fix for explorer. Among other things, the flaws could allow hackers to view files on a user’s computer hard drive. (Reuters) The move had resulted in an effort overrun of around 25 per cent in some cases and might lead to some delay in future releases, he said, adding that the efforts due to the security drive would finally come down to around 10 per cent of total efforts over a period of time. In an aggressive push to incorporate security in its Windows products, the company had dedicated 9,000 engineers for over two months (March-April 2002) to identify vulnerability, analyse them and developing fixes to be delivered to the users. “Changes were back-ported to Net Server, Windows XP SPI, Windows 2000 and Windows NT,” said McBride. Microsoft has also launched a software update server, which has been made available to its clients free of cost. “We are cooperating very closely with various industry standard bodies, and security outfits. The cooperation with Foundstone Security Group is one example of this,” McBride said, adding that the company wanted to evolve a framework of trustworthy computing.
