Ten years ago this week, during a time when security problems were threatening trust in software products, Chairman Bill Gates sent out a company-wide memo communicating that the company must make trustworthy computing the highest priority for the company and for the industry over the next decade.
Bill Gates’ directive set into motion a series of fundamental changes at Microsoft that changed its culture and still resonate a decade later. The most visible response was the creation of Microsoft’s Security Development Lifecycle (SDL) to ensure that security issues were caught early during the software product development cycle, and that security was not retrofitted into products at the end of that process. The SDL became mandatory at Microsoft and then publicly available so that developers everywhere could embrace the SDL process.
While a focus on security dominated the early days of TwC, we have also raised the bar on reliability and privacy. Better instrumentation such as Windows Error Reporting has led to fewer system disruptions, increasing productivity and alleviating user frustration. Microsoft was also one of the first companies to develop layered privacy notices. We have a privacy notice that’s very short and concise and provides a good understanding of how we use data, but you can click on a link and get more details.
However, computing, society and the threats we face all continue to evolve. Attackers attack, defenders defend, and each learns about the other’s techniques and weaknesses. While Microsoft will remain vigilant in its focus on building dependable software and systems, it’s impossible to reduce vulnerabilities to zero, so we must continue to develop innovative ways to mitigate threats.
Craig Mundie, Microsoft’s chief technology officer, today shared a memo with Microsoft employees highlighting the evolving role of computing in society and our responsibilities as an industry leader. Computing has become a major part of the fabric of modern society and in the coming years, security, privacy and reliability will become increasingly important as cloud services continue to expand. Craig’s memo notes that because threats are becoming more sophisticated and persistent, our dedication to Trustworthy Computing has never been more important.
“TwC Next,” the ensuing decade-plus of Trustworthy Computing, will focus on the PC-plus era, the new world of devices and services, and the role of governments in computing. Security, privacy and reliability strategies must evolve to remain potent. I will be releasing a paper on TwC Next in conjunction with my RSA keynote on Feb. 28 that outlines my vision for how we must adapt to this new world of devices and services. Everyone at Microsoft and the entire computing ecosystem has a role to play. To learn more about what’s planned for TwC Next, visit: http://www.microsoft.com/twc.
Posted by Scott Charney
Corporate Vice President, Trustworthy Computing, Microsoft