November 17, 2002
Craig Mundie marked the first year of Microsoft's Trustworthy computing intiative during the Silicon Valley Speaker Series. The transcript of Mundie's speech provides an interesting insight into how far Microsoft has come and some of the hurdles ahead.
The biggest question I have of Microsoft's security strategy is whether they have done enough soon enough.
Mr. Mundie says the right things when he speaks of building software that is
"secure by design, secure by default and secure in deployment." He equates security and reliability and he is aware of the cost the company's numerous privacy gaffes over the last several years.
The products receiving the most security attention either hit the market in late 2001 to 2002 or are still in development. The installed base is where the danger lies. Out of an estimated 400 million people on Windows, the vast majority are on Windows 95. I would like to a breakdown of what the server world looks like and the speed the installed base adopts the XP server OS. If Microsoft cannot convince the world to upgrade to newer versions, the company will find themselves in a marketing catch-22.
Best Case vs. Worst Case:
In a best case senario, MS products should become incrementally more secure as Microsoft's internal training adopts increasing amounts of security content, developers begin to innovate in a secure fashion, and products presently in the design state are actually designed secure from day 1. (Products that were in the design stage two years ago and coming to market in 2002 and 2003 will propably recieve security testing and design reviews.)
A worse case senario would be if Mr. Mundie's speech is all hot air and the organization has not found the religion, Mr. Mundie professes.
The impending catch-22:
In order to actually improve the security of the electronic infrastructure, and renew trust in Microsoft products, the company needs to migrate the installed base off of old products and onto new ones in the middle of a recession. From a marketing and perhaps a liability? point of view Microsoft must make the case to upgrade beyond "it's more secure because the last product that we told was secure really was not."
Or "we convinced you to buy the last product when times were good, but the quality was really bad and probably left you vulnerable to numerous attacks, so buy this new one and that won't happen again - trust us."
Even if products coming to market today have recieved world-class security reviews, they were designed two years ago when security was not a priority. Somehow Microsoft will have to convince the installed base to trust them again. I imagine they will get outside consulting companies to write white papers describing how much "more secure" product X is over the the last version.
In the security world, if you can not prevent someone from exploiting something, you build a level of accountability into the system, so that you can track them down after the fact. Trust is for sissies.
I wonder to what extent the market will hold Microsoft accountable for the security of their products?
1. "Trust is for sissies." is an original line from Dr. Daniel Geer or Bob Blakley - I'm not sure which one of them stole it from who.Posted by Abner on November 17, 2002 04:40 PM | TrackBack