In 2003 I interviewed to be security architect for MSFT Office. My final interview was with the guy they told me was "the most senior programmer in the office group" who had "been with the company since Albuquerque."
This was in the middle of the 2003 security stand-down and he started by asking "How are your QA skills? Cause in a couple months Bill (Gates) is going to forget all about security and we'll get back to writing code the way we always have. And we won't need a Security Architect so we'll have to find a job for you and I was thinking QA."
Corners of Microsoft doing stupid things with respect to security isn't an accident. It's a natural consequence of their culture.
That being said... There are (or at least were) some amazingly good security brains in Redmond. It's just that not all groups got the security memo.
This was in the middle of the 2003 security stand-down and he started by asking "How are your QA skills? Cause in a couple months Bill (Gates) is going to forget all about security and we'll get back to writing code the way we always have. And we won't need a Security Architect so we'll have to find a job for you and I was thinking QA."
Corners of Microsoft doing stupid things with respect to security isn't an accident. It's a natural consequence of their culture.
That being said... There are (or at least were) some amazingly good security brains in Redmond. It's just that not all groups got the security memo.