After last week’s discovery of the latest Vista security bug, Microsoft tried to repair its image a bit by announcing how exactly some of its security recommendations were written: with a little help from our friends over at the NSA (and the American taxpayer). Joris Evers, of CNET News.com, wrote today about the secretive, federal spy agency’s involvement in recommendations associated with Vista’s rollout in large enterprises. However, after the NSA (often referred to as “No Such Agency”) actually admitted to the Washington Post today that it was involved in a fairly non-specific manner, this presents another concern. Tony W. Sager, the NSA’s chief of vulnerability and operations group described the activities as two teams (good and bad) waging a hacking war against each other and then sharing the results and recommendations with Microsoft’s developers.

I know the NSA has a stake in ensuring the security of Vista (as they did with XP and 2003 Server to some extent as well), however who’s to say it isn’t putting in loopholes and backdoors for its own use? There are more concerns which will become more complex and more apparent as we go on, but which are critically demanding our attention as protectors of our companies’ information.

Also included in the CNET article are a number of very useful links relating to the secure deployment of Windows Vista. In addition, here is the official Windows Vista Security Guide, but please check out these articles for detailed information on this announcement. Oh… and take my suggestion and wait a bit to migrate your organization to Vista until at least the next service pack is released.

This security bug and any associated political/economic windfall from the taxpayers’ money being used to help develop a private company’s product bound to boil to the top at some point. So, keep your eyes and ears open and we’ll sort it out one of these days.