Microsoft preaches software security
12 August, 2003 12:25
Microsoft has urged software developers to change the way they work.
During his keynote address at this year’s Tech Ed conference, the software giant’s chief security strategist, Scott Charney, called on the software community to move security concerns to the front of the bus instead of addressing them once a product had been created.
Charney cited Windows 2003 as an example of how considering security issues from the outset could make a difference.
He said it was released in April but did not require a critical patch until July.
“We [Microsoft] have changed our development process so that every new product goes through a security push,” he said.
“We have a long way to go, this is probably a 10-year initiative, but we have to change the way the industry makes software. It’s not just a Microsoft problem, it’s an industry problem – we have to do this as a group, as a community.”
To further that goal, Charney said Microsoft’s developer partners would be given access to the same tools it uses. He also highlighted the need for training and certification to keep developers up-to-date with technological changes.
Emphasising the more open image Microsoft was trying to project these days, Charney noted that it was publishing more white papers than ever before and said it was striving to do a much better job of communicating its roadmap to business partners and end users.
He said that, historically, governments around the world had looked at the dependence built on IT infrastructure during the mid-1990s, in terms of public safety and national security, and realised 85 per cent of it was in the hands of the private sector.
“They [governments] wanted to partner with industry to protect that infrastructure but agreed to let the industry regulate,” he said. “The market doesn’t do that very well.
“People who make products and manage infrastructure are the first line of defence. It has been said that an ounce of prevention is worth a pound of cure but, in the IT world, it is worth a ton of cure.
“If we don’t do this as an industry then we are not doing our public duty. We all have a role to play in the bigger picture.”
Charney used phone companies as an example of what technology companies must strive to achieve.
“Phones have high levels of reliability and security,” he said. “People expect to have privacy on their calls.
“The phone companies have good brand and have developed the trust of users. To move computers to the next level, we need to focus on security, reliability, privacy and business integrity.”