| > but this surprises me Unfortunately, it's true. People used to relying on Microsoft understandably don't want it to be so, so they're in for a rough time trying to figure out actually workable alternatives. :( This has been an ongoing problem for years, and every time some new problem is found Microsoft just trots out the PR promises that they'll do better. Without then doing any better. • https://arstechnica.com/information-technology/2022/10/how-a... (2022) • https://arstechnica.com/security/2023/08/microsoft-cloud-sec... (2023) • https://arstechnica.com/information-technology/2024/04/micro... (2024) For the US government's official perspective on Microsoft's security competence, there's the federal Cyber Safety Review Board report released in April this year: • https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review... (2024) "Throughout this review, the board identified a series of
Microsoft operational and strategic decisions that collectively
points to a corporate culture that deprioritized both enterprise
security investments and rigorous risk management," the report
reads.
And so on.Note that the problems didn't start in 2022, that's just the earliest I could be bothered looking with minimal effort. ;) |