Bill Gates Keynote at RSA

During his keynote today at the RSA Conference, Bill Gates quoted a Gartner report claiming that 75% of all vulnerabilities are application related. Mr. Gates then promptly blamed Microsofts' development tool customers for those vulnerabilities. Well judging by the rate of patches coming out of Redmond, I'd have to disagree. Perhaps the problem is a bit closer to home.

On a related note, Gates briefly described steps Microsoft is taking to provide more secure software such as code reviews, R&D security efforts and better processes. Perhaps XP SP2 is the fruit of that labor, but more needs to be done. Much has been said about how Microsoft is going to be a security company, and how the acquisitions of Giant (spyware) and sybari (antivirus) are supposed to be positive indicators. But Acquisitions, no matter how well placed won't change Microsoft, the company. It will take a long time to convince anyone, especially me, that microsoft is a security company.