Microsoft's Trustworthy Computing Hits 10-Year Anniversary

In celebration of Bill Gates' Trustworthy Computing's (TwC) decade of operation, Microsoft released a retrospective of the company's quality assurance strategy.

The foundation for the initiative came from a 2002 Bill Gates memo, in which he laid out his plans to make sure Microsoft software is always readily available and always improved upon when flaws arise.

"As software has become ever more complex, interdependent and interconnected, our reputation as a company has in turn become more vulnerable," wrote Gates in a company-wide e-mail. "Flaws in a single Microsoft product, service or policy not only affect the quality of our platform and services overall, but also our customers' view of us as a company.

"So now, when we face a choice between adding features and resolving security issues, we need to choose security. Our products should emphasize security right out of the box, and we must constantly refine and improve that security as threats evolve."

According to Microsoft, one of the highlights to come out of the TwC was Microsoft's Security Development Lifecycle (SDL), in which any Microsoft software or products available to customers must go through the appropriate amount of testing, debugging and support. Another important component to this includes the support of third-party vendors and the public to advise if any issues do arise, and to debug any flaws in the software.

"Building on our internal changes, we realized collaboration with the industry was core to helping businesses, governments and citizens realize safer computing experiences within a dynamic, changing and increasingly complex threat landscape, said Scott Charney, corporate vice president of the Microsoft Trustworthy Computing, in the retrospective. "No one company, individual or technology can drive this change alone."

And Microsoft hasn't been alone. Many companies, including Adobe and Cisco, have instituted similar security development lifecycles based off of Microsoft's original model. Brad Arkin, senior director of security at Adobe said that his company's own lifecycle works so well due to the fact that it had both bad and good examples from Microsoft on what to do during the early stages of SDL. "In formalizing our own secure product lifecycle, we were eager to tap into that knowledge instead of reinventing the wheel," said Arkin. "This allowed us to spend more time on the actual implementation across all of our product teams."

Another component to Microsoft's TwC is the commitment to user and data privacy. As cloud adoption continues to grow, and users juggle multiple always-connected devices, Microsoft sees protecting the privacy of each user (whether from security issues or individual rights) to be the next challenge. "While computers were originally embraced by governments and businesses to promote commerce, now, with the consumerization of IT and social networking, all these devices and services constitute the social fabric of our lives," said Charney.

SQL Server 2012 Licensing Options
[Click on image for larger view.]
Microsoft's Trustworthy Computing Timeline.

In the retrospective, Microsoft also knows that for TwC to continue successfully, it will have to adapt with both emerging technology and the unique security issues that arise from it. According to the feature, "security, privacy and reliability strategies must evolve to remain potent. There is still much work that our industry must do to make computing more trustworthy. Everyone at Microsoft and the entire computing ecosystem has a role to play. "

About the Author

Chris Paoli is the site producer for and


  • Surface and ARM: Why Microsoft Shouldn't Follow Apple's Lead and Dump Intel

    Microsoft's current Surface flagship, the Surface Pro X, already runs on ARM. But as the ill-fated Surface RT showed, going all-in on ARM never did Microsoft many favors.

  • IT Security Isn't Supposed To Be Easy

    Joey explains why it's worth it to endure a little inconvenience for the long-term benefits of a password manager and multifactor authentication.

  • Microsoft Makes It Easier To Self-Provision PCs via Windows Autopilot When VPNs Are Used

    Microsoft announced this week that the Windows Autopilot service used with Microsoft Intune now supports enrolling devices, even in cases where virtual private networks (VPNs) might get in the way.

  • Most Microsoft Retail Locations To Shut Down

    Microsoft is pivoting its retail operations to focus more on online sales, a plan that would mean the closing of most physical Microsoft Store locations.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.