Printer Friendly

Microsoft and security: whenever shall the Twain meet?

Let the record reflect that security is now Job #1 at Microsoft Corporation. In a memorandum sent to company employees and leaked to the press, Chairman Bill Gates introduced a strongly-worded but light-on-specifics initiative to increase the security of the company's products and to maintain the privacy of those who use them.

"Trustworthy Computing" outlines a new direction for the company, one that makes the addition of bells and whistles to products secondary to the guarantee that those products are sale and that users feel their privacy is maintained while using them. "If we don't do this, people simply won't be willing--or able--to take advantage of all the other great work we do. Trustworthy Computing is the highest priority for all the work we are doing," Gates wrote.

The timing of Gates's pronouncement is curious. Sure, post-September 11 most companies have a renewed focus on security, be they airlines or software makers. But coming as it did on the heels of terrible publicity about holes in Windows XP, problems with Passport, and Hotmail security breaches, it smacks of closing the barn door after the horse has escaped. Why now?

Microsoft has been opening its products up to the Internet since at least 1999, when its .NET initiative was announced. Since that time, it has only increased the potential vulnerabilities of all its products by refusing to add even the most basic level of protection from malicious scripting. Or it has added them only after a public outcry.

It's probably no coincidence that Trustworthy Computing came shortly after the publication of a National Academy of Sciences report called Cybersecurity Today And Tomorrow. The report recommends for the first time that, among other possible measures to increase security, software makers be held liable for the damage caused (or propagated) by their products. It states:

"Policy makers should consider legislative responses to the failure of existing incentives to cause the market to respond adequately to the security challenge. Possible options include steps that would increase the exposure of software and system vendors and system operators to liability for system breaches and mandated reporting of security breaches that could threaten critical social functions."

This is revolutionary language for our industry, but it reflects both the growing importance that software plays in the business of the country (and the world) and the extent to which security breaches of such software can disrupt the workings of global markets. If drug makers, automobile companies, and toy manufacturers can be sued for poorly designed products, say critics, why can't software companies?

It's possible that Gates now senses change in the air, and is establishing the groundwork for a possible defense should software liability legislation ever come to pass. But regardless of the motives behind Trustworthy Computing, Microsoft must do more then just pay lip service to the security of its products.
COPYRIGHT 2002 West World Productions, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2002, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Stub Files
Author:Piven, Joshua
Publication:Computer Technology Review
Date:Mar 1, 2002
Previous Article:Backup is important, recovery is everything.
Next Article:Intel finally gives nod to DDR is it RIP for Rambus?

Related Articles
Storing exchange databases on NAS: is it safe to go back in the water?
Mississippi Academy of Sciences Bylaws.
A completely paperless payroll--is it possible? ...yes!
Manufacturing techniques to decrease high-speed Digital Signal distortion: backdrilling is a cost effective strategy to reduce detrimental signal...

Terms of use | Copyright © 2018 Farlex, Inc. | Feedback | For webmasters