On January 15, 2002, at 2:22 P.M., Gates sent an e-mail with the subject Trustworthy Computing to Microsoft's 50,000 employees. Gates is not known for distributing company-wide e-mail messages, so this one got a lot of notice. In the e-mail, Gates called for Microsoft's designers, programmers, and testers to place a higher priority on developing secure and reliable systems than on building enhancements and adding features. "Trustworthy Computing is the highest priority for all the work we are doing," Gates wrote as he outlined the new company focus on availability, security, and privacy. Over the past eight months, Microsoft reportedly has spent more than $100 million enforcing its Trustworthy Computing policy. This is a significant investment, even for a company that reportedly has more than $30 billion in reserve cash. Microsoft used the money to conduct an extensive security review of many Microsoft products, even going so far as to halt development work by more than 8,500 Microsoft engineers to facilitate an intensive vulnerabilities analysis of millions of lines of Windows source code. Of course, the work has really just begun, especially when you consider that Craig Mundie, Microsoft's senior vice president and CTO of advanced strategies, recently stated, "It may take us 10 to 15 years to get there, both as an industry and as a society." Report card
The categories and definitions that I'm going to use to grade Microsoft on its Trustworthy Computing progress come directly from its own Trustworthy Computing White Paper, published in May 2002. Below are eight categories outlined in the white paper. Security
Steps have been taken to protect the confidentiality, integrity and availability of data and systems. Privacy
End-user data is never collected and shared with people or organisations without the consent of the individual. Privacy is respected when information is collected, stored, and used consistent with Fair Information Practices. Availability
The system is present and ready for use as required. Manageability
The system is easy to install and manage, relative to its size and complexity. (Scalability, efficiency, and cost-effectiveness are considered to be part of manageability.) Accuracy
The system performs its functions correctly. Results of calculations are free from error, and data is protected from loss or corruption. Usability
The software is easy to use and suitable to the user's needs. Responsiveness
The company accepts responsibility for problems and takes action to correct them. Help is provided to customers in planning for, installing, and operating the product. Transparency
The company is open in its dealings with customers. Its motives are clear, it keeps its word, and customers know where they stand in a transaction or interaction with the company.
Source: Trustworthy Computing White Paper Of course, to get an accurate picture of how Microsoft has progressed in recent months, it's important to look at how the company was doing prior to the new initiative. Figure A provides a report card on where Microsoft was in December 2001 and where it is in October 2002.
| Figure A |
 |
| Our report card on Microsoft's progress with Trustworthy Computing |
Eight months after Bill Gates announced the company's Trustworthy Computing initiative, the grades are in. Overall, they reveal that Microsoft has made progress in certain areas, while some areas still have room for major improvement.
Have your say instantly in the
Tech Update forum. Find out what's where in the new Tech Update with our
Guided Tour. Let the editors know what you think in the
Mailroom.
Tech Update forum. Find out what's where in the new Tech Update with our
Guided Tour. Let the editors know what you think in the
Mailroom.
