News

Microsoft Exec: Trustworthy Computing More than a Slogan

Goal of Trustworthy Computing initiative is "To make computing so safe and reliable that people simply take it for granted, just like...the telephone system, water supply and electric power grid," say

• By Keith Ward
• 07/12/2002

Lipner, Microsoft's Director of Security Assurance, said during a keynote speech at the MCP TechMentor Summit on Security that "The key goal of Trustworthy Computing is to make computing so safe and reliable that people simply take it for granted, just like other systems you take for granted today like the telephone system, water supply and electric power grid."

To that end, Lipner commented, Microsoft is "focused not on building in security features, but on making sure products do what they say they do, securely."

The catalyst for the initiative was Chairman and Chief Software Architect Bill Gates' memo last January that shifted the development emphasis from features to security. In that memo, which has often been compared to Gates' mid-'90s memo "The Coming Internet Tidal Wave" for the effect it had on the company, Gates said that features should be sacrificed for security, instead of the other way around as has been past practice.

"I think you can say this is a clear internal commitment, from developers and testers to the top executives in the company," Lipner said.

The commitment to securing its products is so serious, Lipner said, that it involved about 8,500 employees and cost the equivalent "of between 1,400 and 1,500 work years in two months" by those employees to retrain and go through code. A financial vice-president said recently that the total cost to the company for the security push was about $100 million, but Lipner said that estimate "was probably on the low end of what it cost us."

When it comes to Microsoft's next big product release, .NET Server, Lipner said it will be a quantum leap in security out of the box. One big change is a new emphasis on accountability. Lipner said that everyone who contributed to the .NET Server CD (slated for general release next year) had to reexamine their code for vulnerabilities. They then had to "sign off" on that code, proclaiming it secure. "We now have individual accountability specifically for security for every file in a Windows program. Now, if a vulnerability is discovered, we have the ability to go back and ask why" it occurred.

Lipner also mentioned Microsoft's "Severity Ratings System," which classifies vulnerabilities as Critical, Moderate or Low, depending on how much damage they can potentially do to a system. "We've been using it about eight months now, and we think it's been useful for customers," he said.

Lipner also urged patience for those who expect the Trustworthy Computing initiative to immediately solve all security holes in Microsoft's products. "Achieving this level of trustworthiness won't happen overnight. It will probably take a decade" to implement all the processes and controls, he said. But in the end, it will be worth it, Lipner predicted. "Individual trust is a key factor in realizing that promise, if people are going to trust the computing business and trust us."