Old, but still interesting
by Volker Weber
Just ran across this piece by Yaron Y. Goland on life as it is (was?) at Microsoft:
I first heard about it on NPR. Windows XP had a major security flaw [1,2], even Microsoft was saying that this one was serious. That got my attention as Microsoft generally denies the importance of security flaws claiming that the flaw 'isn't in the wild' or 'doesn't affect real users' or 'has never been used', etc. What really focused my attention was when I found out that the flaw was in a system called Universal Plug and Play. I was the network architect for UPnP and was the lead author for SSDP, the algorithm at the center of the security hole. You can imagine the shape my stomach was in at the thought that I might be responsible for a security hole so egregious that even Microsoft agreed it was a problem.
