alt Hacker NewsIt's not very clear from the article, but I get the feeling from the context that the 'pile of shit' quote referenced the package of documentation about the service rather than the service itself.
(That seems to be the main complaint, that Microsoft never provided the clear information required to conduct the assessment properly).
Replies
Wait- so they basically threw up their hands? No documentation! Not evaluable? Thus clearly of value for somebody? Big stamp, job well done! NEXT?
That’s a perfectly valid reason to reject a security solution, and is one of my top complaints about Microsoft in this decade.
They fired all of their technical documenters, so their security critical systems, APIs, tools, and SDKs now have only auto-generated docs that are just the function names with spaces added between the words.
Like this:
Overrides the authorization for an identity.
AuthorizationOveride( string identity );
> The tech giant’s “lack of proper detailed security documentation” left reviewers with a “lack of confidence in assessing the system’s overall security posture,” according to an internal government report reviewed by ProPublica. > > Or, as one member of the team put it: “The package is a pile of shit.”
Yes, it seems pretty clear from that quote that the reviewer said the security package was a `pile of shit`, and propublica went on to extend that to the cloud itself. Not that I want to comment on the merits of Azure's security, but that sounds pretty clickbaity from propublica to me. A more appropriate title would have been
> Federal Cyber Experts Thought Microsoft’s Cloud Security documentation Was “a Pile of Shit.”