Desmond File

Blog archive

Microsoft Talks Trust

Microsoft is, of course, a leader in the arena of IT and software development. And yet, I often feel that Microsoft runs the business the way I drive in rush-hour traffic -- an abrupt, panic-filled drama punctuated by angry shouting and the occasional triple-lane change. Still, the company almost always seems to get where it's going.

In the mid-'90s, Microsoft reworked its entire MSN strategy and launched Internet Explorer in response to the rise of the World Wide Web and Netscape. Just six weeks ago, Redmond suddenly announced a strategic interoperability pledge in response to competitive and regulatory pressure. And now today, at the RSA Conference keynote in San Francisco, Microsoft Chief Research and Strategy Officer Craig Mundie talked about what the company calls its "End to End Trust vision."

We've heard this word "trust" before. It emerged in January 2002 in the now-famous Bill Gates e-mail that, for the first time, placed security ahead of functionality in the Redmond product development stack. As Gates wrote at the time:

"Trustworthy Computing is the highest priority for all the work we are doing. We must lead the industry to a whole new level of Trustworthiness in computing."

That e-mail helped launch the Security Development Lifecycle (SDL) at Microsoft, and was critical in cleaning up the mess in such strategic products as Microsoft Office, SQL Server and IIS.

Now, Microsoft is broadening the challenge, seeking to drive a strategic discussion of privacy and security to the larger Internet. In the months ahead, you'll hear a lot of talk about the "trusted stack" and what it will take to achieve what Microsoft calls a "more secure and trustworthy Internet ecosystem."

This is a big topic Microsoft is taking on, and one that we should all make a point to pay very close attention to. The idea of a trusted stack certainly brings with it a host of integration, leverage and lock-in opportunities for Microsoft. But it also invites a true "lift all boats" scenario, where Microsoft may stand to profit most by working closely with, rather than competing against, its fiercest rivals.

If there's one truism in all of these developments, it's this: The work is never done. On the same day Microsoft announced its End to End Trust vision, the company sent out a Patch Tuesday security bulletin detailing five critical security vulnerabilities.

What do you think of Microsoft's End to End Trust vision and its push for a trusted stack? Speak up at [email protected].

Posted by Michael Desmond on 04/08/2008 at 1:15 PM

comments powered by Disqus