[2692] in WWW Security List Archive


Re: DOS and Macro Virus Discussion

daemon@ATHENA.MIT.EDU (John C. Pavao)
Mon Aug 19 14:03:12 1996

Date: Mon, 19 Aug 1996 11:31:32 -0700
From: "John C. Pavao" <pavaojc@rixix.sod.eds.com>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

Stephen Cobb wrote:

>    You make a convincing case. Although I have no hesitation criticizing
> Microsoft for what I perceive to be mistakes I also realize that the company
> would not be where it is today if other people had not made bigger mistakes.
> 
>    While I think it is fair to criticize Microsoft for not showing more
> leadership in the area of security, a finger must also be pointed at the
> corporate folks who failed to make security a priority in their software
> wish lists.

Yes, but managers run corporations, not sysadmins.  If sysadmins ran
corporations, I could see that argument.  Managers are thinking about
ease of use and results before security; results are their jobs. 
Managers think about security when something gets compromised.  (I'm not
criticizing managers, I'm just saying what I see.)  Managers see that
the WWW is a way to do all kinds of things that used to require
expensive applications.  They see $$$ being saved.  Managers have no
idea what ActiveX is and shouldn't have to.  What they do know is that
if I tell them they can't use the Web to do what they wanted to because
of security problems, I'm standing between them and $$$.  And I sure
don't like M$ putting me in that position.

John Pavao

(Opinions expressed are solely my own and are in no way to be connected
to my employer.)


