Microsoft COO: We Have 'The Most Secure Platform On The Planet'


Microsoft used to have a security problem, but according to COO Kevin Turner, now it's the other guys that are scrambling to patch vulnerabilities in their software.

"The safest, most secure platform on the planet is Microsoft," Turner said last week at Microsoft's Worldwide Partner Conference.

Turner was basing this claim, at least in part, on data that security vendor Secunia released in March. It showed that 86 percent of vulnerabilities found in the 50 most widely used apps last year were in non-Microsoft products.

[Related: Microsoft Pays Out First Bug Bounty Reward To Researcher]

Google, Apple, Adobe and Mozilla all had more vulnerabilities than Microsoft, according to the Secunia report. However, as Turner noted at WPC, Microsoft's footprint is three to five times larger than these companies.

"Not only do we have a bigger footprint, we're driving the number of vulnerabilities down year after year," Turner said. "We've got to get the facts out on security."

There was a time when Turner's comments would have triggered controversy in security research circles, but that's no longer the case.

Microsoft apps are more secure than in the past, and the company is responding to issues much faster than it used to, Andrew Plato, president of Anitian Enterprise Security, a Beaverton, Ore.-based security consultancy, told CRN.

"Microsoft is extremely aggressive in going after bugs and security weaknesses," Plato said.

Anitian's penetration testing has shown that apps deployed in Windows environments are generally more secure and resilient to common attack tactics, Plato said.

"The challenge with Windows is that it tends to attract less skilled developers, and as such many of the applications are coded poorly and therefore have weaknesses in the application itself," Plato said. "But the operating system offers a robust and secure platform."

Microsoft is also getting more proactive about security. In June, it took legal action to disrupt the Citadel botnet. Earlier this month, it began paying bounties to researchers that discover and submit previously unknown vulnerabilities.

By fighting security threats on numerous fronts, Microsoft is compensating for the fact that it's the biggest attraction out there for online miscreants.

"Microsoft does have the dubious honor of being a very large target, thus their smaller vulnerability footprint is that much more impressive," Plato told CRN.

PUBLISHED JULY 17, 2013