Microsoft and security: whenever shall the Twain meet?
"Trustworthy Computing" outlines a new direction for the company, one that makes the addition of bells and whistles to products secondary to the guarantee that those products are safe and that users feel their privacy is maintained while using them. "If we don't do this, people simply won't be willing--or able--to take advantage of all the other great work we do. Trustworthy Computing is the highest priority for all the work we are doing," Gates wrote.
The timing of Gates's pronouncement is curious. Sure, post-September 11 most companies have a renewed focus on security, be they airlines or software makers. But coming as it did on the heels of terrible publicity about holes in Windows XP, problems with Passport, and Hotmail security breaches, it smacks of closing the barn door after the horse has escaped. Why now?
Microsoft has been opening its products up to the Internet since at least 1999, when its .NET initiative was announced. Since that time, it has only increased the potential vulnerabilities of all its products by refusing to add even the most basic level of protection from malicious scripting. Or it has added such protection only after a public outcry.
It's probably no coincidence that Trustworthy Computing came shortly after the publication of a National Academy of Sciences report called Cybersecurity Today And Tomorrow. The report recommends for the first time that, among other possible measures to increase security, software makers be held liable for the damage caused (or propagated) by their products. It states:
"Policy makers should consider legislative responses to the failure of existing incentives to cause the market to respond adequately to the security challenge. Possible options include steps that would increase the exposure of software and system vendors and system operators to liability for system breaches and mandated reporting of security breaches that could threaten critical social functions."
This is revolutionary language for our industry, but it reflects both the growing role that software plays in the business of the country (and the world) and the extent to which security breaches of such software can disrupt the workings of global markets. If drug makers, automobile companies, and toy manufacturers can be sued for poorly designed products, say critics, why can't software companies?
It's possible that Gates now senses change in the air, and is establishing the groundwork for a possible defense should software liability legislation ever come to pass. But regardless of the motives behind Trustworthy Computing, Microsoft must do more than just pay lip service to the security of its products.
Title Annotation: Stub Files
Publication: Computer Technology Review
Date: Mar 1, 2002