Information Age: News, analysis & insight for IT & business leaders

1 April 2003 Three-quarters of security specialists at major organisations do not believe that Microsoft's software is secure, according to a survey by analysts Forrester Research.

Nevertheless, nine out of ten still use Microsoft software as the foundation for mission critical applications.

At the same time, Forrester analyst Laura Koetzle also criticised the companies themselves for doing too little to secure the software. Only 59% of the companies that had suffered security breaches had changed the way they use the software, said Koetzle.

Microsoft introduced its 'Trustworthy Computing' initiative more than a year ago in a bid to address mounting criticisms about the security worthiness of its software. Trustworthy computing is a company-wide drive intended to improve the security of its software.

Developers, for example, are sent on crash courses intended to make them more security aware in the way that they build applications.

"We understand that achieving the goals of Trustworthy Computing will not be an easy task and that it will take several years, perhaps a decade or more before systems are trusted the way we envision," a Microsoft spokesman told Reuters.

He added: "We are working to address existing security concerns, including patch management... This is only the beginning and we are confident that customers will continue to see additional progress over time".

Patch management has become a particular priority because a number of high-profile security flaws in Microsoft software have been ruthlessly exploited by virus writers.

In the latest, the SQL Slammer worm that appeared in January 2003, users complained that a security patch issued last year to protect against the vulnerability was difficult and therefore time consuming to install and often caused other problems.

Forrester surveyed 35 chief security officers at companies with turnovers of at least $1 billion.