- cross-posted to:
- hackernews@lemmy.smeargle.fans
- cross-posted to:
- hackernews@lemmy.smeargle.fans
deleted by creator
I’d be curious to see if this actually enforced and for how long. I see companies cutting costs on security all the time. You can’t really trust them with anything else than creating and optimizing processes to make money. I’d rather see public regulators eat their turnover until they comply.
Sounds like they’ve been following this well… Except replace “security” with AI.
Seems best to do this after firing the first 2-3 levels of leadership since this whole mess was created under their watch. Maybe the next thing to do is to ask if the US government wants to so heavily depend on a company that is no longer a US entity.
Microsoft is overwhelmingly Indian contractors now. Infact much of the large legacy US tech companies have done so much offshoring I’d hardly call them US companies anymore. Are these companies really who we want to stake our national security on?
This is a tough bar. Security often cannot be prioritized alone. You have to have solid architecture and fix bugs because any bug can have potential security impacts. Your code has to be not garbage.
Which is exactly why security should be on the executive agenda.
And in Microsoft’s case you also have to preserve backwards compatibility. It’s one of the reasons the OS continues to dominate despite how it treats its users.
Judging by the last month of our Microsoft 365 tenant at work, they have plenty of room to improve. (Maybe by expanding in-house QA instead of relying on their customers.)
One of the several issues we ran into in the last few weeks was that you couldn’t download or view attachments in the Outlook Web app if you’d been logged in for over 10ish minutes.According to the official advisory, this was due to “code put in production designed to increase reliability.” That was a funny way of making things reliable. It was over a week until they’d pushed a fix for that one - right around the time more Outlook issues started popping up.
So yeah, while I agree with you that this might be tough - it might just be the best move they’ve made in a while. Maybe it’ll cause them to pay more attention to fixing bugs, and focus less on solving problems no one has. (Apparently we, as customers, have been dying for an AI button on our keyboard, to easily access an AI feature now baked into the taskbar.)
Incentives like this are tricky. You can reduce the numbers by fixing the problem, or by sweeping it all under the rug. Guess which is easier to do on a quarterly basis?