Now I know that war rooms or control rooms or command centers or whatever you call them tend not to resemble, in real life, the classic "big screen" rooms popularized by "WarGames" and "Fail-Safe." Nonetheless, I find the simplicity and modesty of Microsoft's Security Response Center a little, well, disconcerting. Okay, I don't need the big screen for comfort, but, you know, something beyond a dinky little laptop and some bundles of cable would help me feel a little more looked after. Maybe it's so secure that no computers are allowed. Can't catch a virus if you don't have a computer, right?

I'm also concerned for the staff. I mean, if you are on the front lines of combating the forces of evil as they attempt to subvert the most widespread computing platform known to man, you really probably need something more to sustain you than a few bottles of Torani and a bag of tortilla chips. I don't even see any salsa. You definitely are going to need salsa.

I am not, however, so concernedas Ina Fried with the picture of The Wolf up on the wall; I think she's reading a bit much into it.

Fried's three-part series on the evolution of security strategy and response in Redmond covers more serious matters and in greater depth. The first part is posted today with the rest to follow over the course of the week.

This part depicts the change in attitude at the company over the years regarding security. Largely disregarded at first (as has been true at most software companies over the years) a series of significant and very public exploits forced Microsoft to ramp up quickly to respond or head off such issues.

While the history is interesting, the changes chronicled in the article are neither as far-reaching nor as effective as Fried portrays them. The development culture at the company still values shipping over bug squishing, and if high-profile exploits in their software are not as common as they had once been, as much of that has been due to changes in IT culture as at the company itself. Moreover, I expect that many potential hackers aren't nearly as motivated to crack the company's products as they might be if they didn't already have their hands full with more cracked Windows boxes than they know what to do with. Botnets are less noticeable than high profile worms or server breaches, but they are far more effective for the nefarious purposes of the average hacker.

Nonetheless, I think the articles are worth a read (if only to see how things are being spun this quarter) and I'll be following up on the other two as they are posted.

Image courtesy John Beagle, reprinted under Creative Commons license.