Money out of thin air

    This post reflects only my personal opinion.

    I visited the Open Source Summit (http://www.pcweek.ru/foss/conference/program/) and even gave a presentation there in the section "Certified and secure solutions based on open source software".

    In the same section, a comrade from this company, www.cis.ru, gave a report: “Problems in certification of updates for certified software products.”

    The report described the difficulties they face in certifying Microsoft Windows updates according to the “guidance documents” (the topic for the Open Source Summit is hurt!), how they overcome these difficulties, and how they bring certified Windows updates to a grateful consumer.


    They have some kind of secure storage where, on a certain day, everything they have managed to certify is posted. At the same time, not all updates are certified, but only those that they consider important for certification; the other updates SIS kindly allows to be installed directly from the Microsoft website.

    I was very pleased with the criterion for selecting updates for certification - "based on what Microsoft itself will write about the update."

    At the same time, SIS said that certification takes time, so “critical updates” can be installed without SIS's permission, but at your own risk: Windows will no longer be considered certified. That is, the administrator has a choice: either close a real security hole but run into a fine from the regulator (and risk your job, yeah), or live with a "certified hole" until SIS gives the green light to close it.

    When certifying updates, Microsoft, of course, does not provide SIS with source code. What does the certification procedure look like technically?

    What happens if the update does not meet the certification requirements? Will SIS make a complaint to Microsoft?
    It turns out that in this case SIS will not allow users to install the update until Microsoft fixes it. What the phrase “Microsoft will fix it” means, I never figured out. And if the user does not heed this and installs the update, then his Windows will again be considered uncertified.

    Reflections on the subject “what is this company's business built on” lead to sad reflections on the topic “why is the existence of this business possible in one particular state”.

    PS I was glad that many listeners of the report reacted in approximately the same way.
