Many of you may have read about the five-year-old who discovered an Xbox password bug.
It is a fun news item, but the part that interests me most is Microsoft's behaviour in this.
Long gone are the days when Microsoft were the general whipping-boy amongst Information Security professionals. I recall how people laughed (myself included) when, a little over 12 years ago, Microsoft's Bill Gates announced that they would be taking security seriously. Oh how we laughed! (You can read the memo here.)
The changes in Microsoft's security have been across the board. From their .NET development framework to their Xbox gaming platform - everything has changed.
This is why this five-year-old's discovery is so cool to me. Many organisations would have rushed to silence the family, discredit them, apply spin, or release the lawyers with a DMCA "how-dare-you-hack-our-system" notice. Microsoft's response was to work with the family to understand and fix the bug, and reward them in a currency that would be appreciated by the five-year-old!
So that twelve-year-old memo has even affected the way the business deals with security incidents.
As a case-study for other businesses to emulate, there are few better out there.
So, from this self-confessed Linux and Apple fanboy, who ROFL'd when I read that memo 12 years ago, "WELL DONE MICROSOFT"!