Thank you for sharing!

Your article was successfully shared with the contacts you provided.
Unlike Apple, Microsoft does not have a fanatic following — in fact, quite the opposite. The company’s overwhelmingly dominant position in the software industry has instead attracted another sort of attention from techies — a fascination with probing for security “holes” (programming mistakes that allow outsiders to gain access to supposedly secure information) in Microsoft products. The company’s problem is not necessarily that its products are especially bug-ridden; it’s that they’re so ubiquitous. “Because Microsoft is so dominant, any kind of breach potentially affects millions of users — which is precisely why hackers target them,” says Dwight Davis, a software industry analyst with Boston-based Summit Strategies, Inc. It’s a pressing problem for the company too. Microsoft, like others, is moving toward a service model with its .Net initiative, in which customers will store personal data, such as credit card numbers, on Microsoft Internet servers, in a bid to make e-transactions faster and easier. The company must demonstrate that its Web platforms are secure. “Security is a base-level requirement for Microsoft’s core strategy going forward,” says Davis. Without it, the company’s whole Web strategy is at risk. Like many other software makers, Microsoft hates to have its flaws publicized and works hard to discourage researchers from publishing information about bugs. And it regularly sues to protect its trademarks. The company contends that publicizing security holes simply hands crooks a digital crowbar. In an October essay in Microsoft’s TechNet, Scott Culp, manager of Microsoft’s Security Response Center, dubbed public disclosure “information anarchy.” As Culp points out, Code Red, Nimba, Ramen, and other destructive computer “worms” unleashed in the past year were written by hackers who followed widely published instructions for exploiting bugs. So the company has recently developed a carrot-and-stick approach to those who reveal flaws, trading information about how software works for a commitment from security researchers not to go public. During the early years of computers and networks, secrecy about bugs was the norm, explains Bruce Schneier, chief technology officer and founder of Cupertino, Calif.-based Counterpane Internet Security, Inc. “The problem with this system was that the [software] vendors didn’t have any incentive to fix vulnerabilities,” he says. Frustration gave rise to the so-called full disclosure movement. According to Schneier, a movement leader, publicity about bugs forced software makers to develop fixes promptly: “The computer industry has transformed itself from a group of companies that ignores security and belittles vulnerabilities into one that fixes them as quickly as possible.” Russ Cooper, a security expert who runs the online forum NT Bug Traq, approves of how Microsoft deals with such issues: “They have done a tremendous job in addressing the issues they had.” And, he says, “Microsoft has shown that it’s prepared to go public, that it’s not trying to hide things.” But that may be changing. In his essay, Culp wrote: “If openly addressing vulnerabilities inevitably leads to those vulnerabilities being exploited, vendors will have no choice but to find other ways to protect their customers.” Some of those ominous-sounding “other ways” are now being implemented. In early November, Microsoft convened a group of security experts at its Trusted Computing Forum 2001 to discuss how to deal with security holes. Microsoft’s stance toward security companies is also embodied in a new “security partnership agreement.” It offers security vendors data on Microsoft’s vulnerabilities in exchange for a commitment to keep details on any bugs they discover secret until fixes are ready. Access in exchange for censorship: Sounds like a Faustian bargain for vendors whose business is to alert companies about chinks in their armor.
Microsoft Corporation
Number of Federal Trademark Lawsuits as Plaintiff: 1992 – 1 1993 – 4 1994 – 1 1995 – 3 1996 – 2 1997 – 7 1998 – 8 1999 – 33 2000 – 25 2001 – 6 Number of Federal Trademark Lawsuits as Defendant: 1993 – 1 1994 – 1 1995 – 4 1996 – 1 1997 – 3 1998 – 3 1999 – 1 2000 – 1 Source: CaseStream
Top Outside Firms for Trademark Suits: Preston Gates & Ellis: 32 cases Strasburger & Price: 10 cases Dickinson Wright: 6 cases
Headquarters:Redmond, Washington
CEO:Steve Ballmer
GC:William Neukom
Revenue 2001, in billions:$25.3
Share Price 52-week high/low:$40.25/$76.15
Share Price, November 27:$63.74

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.