I’m honestly not surprised they came up with this considering MS’ track record on security since the internet exists.
One more reason to resist their extend embrace extinguish strategy and not use their tools (vs code etc), this won’t end well and Microsoft will always be Microsoft.
If this is true, Microsoft should be completely embarrassed and the leads on this piece of softwar who made that decision, all the at up through to senior management, should be fired.
For Microsoft to build such a product without basic security in mind is beyond belief in 2020. There is no level of “technical debt” excuse that can make up for a lazy, anti—user decision like this.
I'm perplexed that anybody thinks Microsoft were being dumb. They know exactly what they are doing and putting the pieces in place to violate users' security is the point.
Theyre just boiling the frog slowly. It'll be turned on by default soon enough and then theyll start looking for excuses to upload it.
This can be used to make them a shedload of money one day.
Though this is bad for Microsoft, does it make the situation substantially worse from a security perspective? Assuming they’re following good practices like not storing access keys, passwords, etc, in their source control system(s), this seems like more of an IP protection issue.
I could be wrong about that, though, and I’d be curious to learn and understand more.
Cue the chorus of people saying this is because Microsoft sucks etc etc.
Ignore the fact that Microsoft has spent more time and resources than any technology company in the world focusing on web related security. Mind you that is not an endorsement of their track record, but a statement with respect to the reality on the ground.
Overall, I feel this is a good move by Microsoft. Admittedly from their side, they won't (or cannot) cover all security holes from their system. Asking help from external sources and rewarding them appropriately is also good, allowing them to patch their system. In turn, end users will (hopefully) get an OS that is secure. Win for everyone. Way to go MS!
It's amazing to me that, after all these years, people are surprised at how bad Microsoft is at security. I genuinely don't understand why companies use their products after decades of egregious security vulnerabilities.
One more reason to resist their extend embrace extinguish strategy and not use their tools (vs code etc), this won’t end well and Microsoft will always be Microsoft.
reply