Posted by: Tony Bradley
Bill Gates, Microsoft, SDL, Security Development Lifecycle, Trustworthy Computing
Ten years ago, Bill Gates threw down the gauntlet for Microsoft to raise the bar for security:
Every few years I have sent out a memo talking about the highest priority for Microsoft. Two years ago, it was the kickoff of our .NET strategy. Before that, it was several memos about the importance of the Internet to our future and the ways we could make the Internet truly useful for people. Over the last year it has become clear that ensuring .NET is a platform for Trustworthy Computing is more important than any other part of our work. If we don’t do this, people simply won’t be willing – or able – to take advantage of all the other great work we do. Trustworthy Computing is the highest priority for all the work we are doing. We must lead the industry to a whole new level of Trustworthiness in computing.
The last decade has included a wide array of significant strides by Microsoft when it comes to security. At the foundation of it all is the Security Development Lifecycle — the bible of secure coding practices that drives more secure products from the ground up. Along the way, Microsoft has introduced a number of security tools and products, including:
This list doesn’t really even scratch the surface. In addition to the security tools it has developed, Microsoft has also made all of its software more secure by default. Month after month after month, vulnerabilities are discovered that impact Windows XP, but not Windows 7 — or if Windows 7 is affected it is to a much lesser degree.
Beyond its own products, Microsoft has also been tenacious in attacking and taking down botnets that impact the security of everyone on the Internet. And it all started with the Trustworthy Computing memo from Bill Gates a decade ago.