Ten years of Microsoft’s Trustworthy Computing initiative: Has it delivered?

“In Bill’s original email,” says Scott Charney, corporate vice president, Microsoft Trustworthy Computing, “he identified three core attributes – security, privacy and reliability – that we had to develop in our software and services. Bill said that technology was going to be integrated in our lives in a far more rich way and would impact everything we do. That was one of the reasons it was so critical to get these three attributes right.”

Gates’ prediction was spot on. Few others realized ten years ago how integral computing would become to everything we do, personal and commercial. He had already admitted that he had missed the emerging importance of the internet, but he wasn’t going to miss the relevance of security and privacy. Before this memo, security professionals had a low opinion of Microsoft’s attitude towards security. Since then, in a slow but continuous evolution, that attitude has changed.

“Microsoft has put into place over time an incredible privacy program and has contributed to the global debate and discussion on privacy,” claims Malcolm Crompton, managing director, Information Integrity Solutions. “Working in support of initiatives like the Asia Pacific Economic Cooperation Forum’s privacy framework and the European Union’s Data Directive, Microsoft has made meaningful contributions to the advancement of data privacy practices around the world.”

That’s Microsoft’s own view. However, the original memo “was greeted with great cynicism at the time,” comments James Firth of the Open Digital Policy Organization (ironically, at the time of writing, Open Digital’s website is one of those blacked out in protest at the US government’s SOPA and PIPA proposals). “I remember,” continues Firth, “it felt as though security vulnerabilities in Microsoft products were increasing on an exponential basis whilst rival platforms like Solaris, HP-UX and many Linux distros were felt by many to be immune.”

But any initiative lasting 10 years has proved itself to be more than just a marketing ploy; it could be seen now as a change management strategy. “With hindsight,” says Firth, “the TwC initiative seems to have been a shrewd move, acting as a catalyst to refocus Microsoft's entire development effort on basic security concepts such as modular (aspect-oriented) programming as a tool to decouple and understand security and test for vulnerabilities.” Now, Microsoft’s newer products, “particularly their cloud offerings, are seen by many buyers as at least on a par with rivals.” And that is a valuable endorsement from a third-party pressure group.

The Open Digital Policy Organization has launched Open Digital Consulting to help fund its work. “We're launching a consultancy to pay for the policy work,” explained Firth, “but are absolutely committed to avoid the trap of being a seedy lobbying organization. By consultancy we mean ‘proper’ consulting with industry clients wanting to tap our knowledge, rather than buying access to our Westminster contacts.”

To answer our original question, has Microsoft delivered on TwC, the response must be 'it is doing so'. It has achieved much over the last ten years, and is continuing to do so. Trustworthy Computing is a continuous process adopted by and integral to the intentions of Microsoft.
