Microsoft's Trustworthy Computing Group Turns 10

A decade after Microsoft got serious about PC security, it's a leader in the field.

It was ten years (and a week) ago that Bill Gates announced to all Microsoft employees that the company was creating a new group that wasn't designed to make a dime of money, but it would become a major player in the company.

In his memo announcing the Trustworthy Computing initiative, Gates called upon employees across the company to fundamentally rethink their approach to product development and work to deliver much more secure products.

"Today, in the developed world, we do not worry about electricity and water services being available. With telephony, we rely both on its availability and its security for conducting highly confidential business transactions without worrying that information about who we call or what we say will be compromised. Computing falls well short of this, ranging from the individual user who isn’t willing to add a new application because it might destabilize their system, to a corporation that moves slowly to embrace e-business because today’s platforms don't make the grade," Gates wrote in the memo.

The TwC group was meant to get everyone else inside Microsoft to focus on security and privacy issues facing the software industry. This lead to internal changes of Microsoft's development procedures, and to the outside world, it led to Patch Tuesday, the monthly release of fixes that come out on the second Tuesday of every month.

Inside Microsoft, this change in policy led to the Microsoft Security Development Lifecycle (SDL), which also incorporates privacy development practices. "Microsoft products developed under the SDL have delivered more secure and private computing experiences for customers. Software mitigations and protections also raised the bar for potential attackers," wrote Scott Charney, corporate vice president of Trustworthy Computing in a blog posting commemorating the decade of TwC.

In the area of reliability and privacy, Microsoft fixed up the Windows Error Reporting tool, which has led to fewer system crashes, increasing productivity and alleviating user frustration. Microsoft was also one of the first companies to publish privacy standards for developers and to provide consumers with layered privacy notices.

We've seen tangible proof of Microsoft's efforts to secure its products as Windows and Internet Explorer have been "hardened" over the years, with fewer and fewer significant exploits. Most malware has moved out of those two spaces and into the app layer.

TwC has also moved into fighting malware. Microsoft has also introduced a decent batch of free malware removal tools and has done a bang-up job of marshalling resources and law enforcement to take down some of the biggest botnets on the Internet.

TwC isn't going to bring profits into Microsoft the way the Windows, Office or Tools groups do, but it has paid off for the company over the years.

• Endpoint Security
• Microsoft
• development
• management
• Microsoft
• security
• Trustworthy Computing