Logbook

Friday, January 24, 2003

Bill Gates wrote to me!

At first, I thought it was a joke. But no. I checked the headers, the IP address; everything is normal and it does come from microsoft.com. A very long letter to tell me that Microsoft is going to work on making software that is more secure and works better.

From: “Bill Gates”
Date: Fri 24 Jan 2003 10:37:48 Europe/Paris
To:
Subject: Security in a Connected World
Reply-To: “Bill Gates”

Jan. 23, 2003

I’m writing to you about an issue of particular importance to those of us who routinely use computers in our work and personal lives - making computing more secure. Before I share my thoughts about this in more detail, I want to give you some context on why I am sending this email.

(…)

In early 2002 we took the unprecedented step of stopping the development work of 8,500 Windows engineers while the company conducted 10 weeks of intensive security training and analyzed the Windows code base. Although engineers receive formal academic training on developing security features, there is very little training available on how to write secure code. Every Windows engineer, plus several thousand engineers in other parts of the company, was given special training covering secure programming, testing techniques and threat modeling. The threat modeling process, rare in the software world, taught program managers, architects and testers to think like attackers. And indeed, fully one-half of all bugs identified during the Windows security push were found during threat analysis.

(…)

While we’ve accomplished a lot in the past year, there is still more to do - at Microsoft and across our industry. We invested more than $200 million in 2002 improving Windows security, and significantly more on our security work with other products. In the coming year, we will continue to work with customers, government officials and industry partners to deliver more secure products, and to share our findings and knowledge about security. In the meantime, there are three things customers can do to help: 1) stay up to date on patches, 2) use anti-virus software and keep it up to date with the latest signatures, and 3) use firewalls.

Bill Gates

Well, I’m reassured: the Windows programmers have taken classes. They found plenty of bugs. And Microsoft commits to doing better work in the future. And I am very honored that Bill Gates took the trouble to send me his prose.