|Windows (application layer)
||A good patch process helps make up for mistakes of the past.
|Windows (kernel layer)
||Openness helps protect a small area of risk that can have huge implications.
||Making a start, but otherwise leaves it up to developers and ISVs.
||Firewalls, adware identifiers, and other tools enable IT professionals to manage their own security.
||Doesn't waste time in delivering fixes to critical vulnerabilities, but argues for secrecy until it creates those fixes.
||The resources available for learning about, addressing, and managing security are large and growing.
Table 1 Does Microsoft Security Make the Grade?
It's been four years since Microsoft announced the Windows Security Initiative and reinvented itself as a security-conscious company. In the interim, it has made progress on some significant issues, while it still has a lot of work to do on other issues. Notably, one of the biggest security holes remaining in Microsoft's platform is in its developer tools, and Visual Studio specifically.