Dana Epp has an interesting line of thoughts on Microsoft’s security mindset/initiatives, prompted by some grousing at nCircle’s blogs.
I’m a bit neutral about Microsoft’s security stance. They’ve done some really stupid things in the past, but it’s absolutely not OK to simply regurgitate old crap about them without acknowledging the significant sea change in their culture and products over the last couple years.
Take a look at Dana’s ten points and see what you think.
(Or if you want a completely different take on security at Microsoft, go see the rantings of tinfoil master Steve Gibson [who I used to respect for his product Spinrite] and then follow up with the response from Stephen Toulouse.)