Security Advisor

Microsoft Pulls Plug on Trustworthy Computing Group

The remaining members will be absorbed into Cloud & Enterprise and Legal and Corporate Affairs groups.

Microsoft resumed its massive layoffs last Thursday and one casualty was the company's Trustworthy Computing (TwC) Group.

While Microsoft has yet to officially comment on the specifics of the TwC shutdown, it appears that the group joined the 2,100 Microsoft employees that were cut last week. Microsoft veteran reporter and Redmond columnist Mary Jo Foley said that those in the group not affected by the recent wave of layoffs would be split between the Cloud & Enterprise and Legal and Corporate Affairs groups.

Foley also got confirmation of sorts from John Lambert, general manager of network security and science for the defunct Microsoft group, in a tweet: "... my mates, all your TwC is still here. SDL, operational security, pentest, MSRC, Bluehat are just under a new roof."

TwC came from Microsoft Founder Bill Gates' famous initiative in 2002 and focused on strengthening the entire line of Microsoft products from attacks. Out of the formation of the group came the company's monthly security patch updates, released on the second Tuesday of every month, and the development of free Microsoft security tools like Security Essentials and Defender.

While it's unlikely that Microsoft will abandon its monthly patch release or security products that have spun out of the group, it's unclear if and how the absorption of personnel into the two groups will change Microsoft's security focus.

In an editorial piece penned by former Microsoft Security Response Center member Christopher Budd on GeekWire, he argues that the move was done due to a lack of revenue directly from the group, and the injection of security into the Cloud & Enterprise and Legal and Corporate Affairs groups will help to strengthen the connection between security and specific Microsoft products. "TwC was never a revenue-generating group and its power suffered for it. In my opinion from my time there, we were able to get more done as part of Windows than as part of the stand-alone TwC because of that reality. It also puts the security engineering groups closer to the people doing the actual engineering, which is how things really get done at Microsoft."

The closer interaction of security experts with the product engineers may be just the thing Microsoft needs to bring some stability to its monthly security updates. Microsoft has not had the best track record with its 2014 patches, and has had to pull items in the previous three months' rollups due to testing and incompatibility issues.  Foley has hinted that Microsoft will be working on revising how it issues its monthly security updates for the release of Windows 9, code-named Threshold, and this move could be a precursor to that.

Along with TwC getting the axe, Microsoft also closed the doors of its Silicon Valley research group, a subset ran by engineers and computer scientists to brainstorm future Microsoft products.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.


comments powered by Disqus

Subscribe on YouTube