Nadella’s approach for Microsoft leans the right way and makes great copy for the media, but it’s bland and meaningless when stripped of the context of a proper information security management system.
What he means is that things ought to be secure by default and that it’s time for Microsoft to let go of goals that previously ranked higher – such as backwards compatibility, as per his provided examples. But the pursuit of security to the exclusion of all risk leads to unhealthy stagnation, and his words are open to that interpretation.
Quote:
If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security. In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems. This is key to advancing both our platform quality and capability such that we can protect the digital estates of our customers and build a safer world for all.
https://www.theverge.com/24148033/satya-nadella-microsoft-security-memo