MSNBC has an article on how Microsoft has given Vista to a large number of security professionals to “hack”. The effort is designed to reveal security flaws before Vista is released as a production product.

My Opinion – I have to ride the fence on this.

The Good – It is great that we are enlisting the security community to help create a better product. Ultimately there should be fewer vulnerabilities discovered over the long term with this kind of testing. This is to the benefit of the entire computing world and really should apply to ALL products that will have the kind of dicstribution that Vista is expected to have.

The Bad – I simply don’t trust that all of the vulnerabilities will be revealed by the “hackers”. There is no doubt in my mind that there will be some unscrupulous few that will find a vulberability (or two…) and withhold that information. Why? for all of the same reasons the bad guys look for vulnerabilities in the first place – notoriety, financial gain, or just the knowledge of knowing something that someone else doesn’t.

I do believe it is the right thing to do though. I believe the good outweighs the bad. I do feel it is unfortunate that we have to resort to these kinds of tactics to secure our products, but it is a workable solution.

Time will tell….

 

Cheers!