Tuesday, December 15, 2009

Security as Interdepartmental conflict...

I received this message in my Hotmail this morning:

Why does Microsoft get dinged for this type of presentation? Why does it happen? On a small scale it was probably because the Hotmail Calendar team wasn't talking with the Hotmail Security team. But that doesn't answer much. Computer security is still, in almost all industries and architectures, an "add-in". It is overlaid on top of existing products and architectures. The "security guys" are on separate teams, their training is exclusive, their recommendations are "integrated" into existing products. The practice of security never fully integrates into test suites for most product development because it can't be marketed like a popsicle. It is sold as an immunity, a dose of antibiotic, a pill. Compatibility of security architecture with existing product development has ambiguous ownership.
