Ballmer on security

Microsoft has posted the full transcript of CEO Steve Ballmer's appearance yesterday at the Gartner Symposium and ITxpo in Florida. The discussion covered lots of topics, from Linux to Halo 2, but one of the more interesting exchanges involved Ballmer's thoughts on security:

I think at this stage if I can say nothing else I can say I think we've learned a lot more about security than basically anybody else in the world -- that's kind of the good news and the bad news, being in the position we've been in with the kind of market share -- is we really need to focus in on a few things.

One, we do need to engineer in fewer vulnerabilities going forward. We have changed our development process. We have a whole new set of development tools, which we will productize also for our customers to help spot potential security vulnerabilities. We have trained our engineers in a different way. That training is available for third parties. And that does make a dramatic difference; we see it in Windows XP SP 2, we saw it in Windows Server 2003.

I can't say today all vulnerabilities will be eliminated, plan on it. I think it would be naïve for anybody to say that, partly because the hackers get smarter, too, and the threat models get more sophisticated, but we've made big progress.