Microsoft has come far to deliver on its "Trustworthy Computing" promise, but more needs to be done, Microsoft Chairman and Chief Software Architect Bill Gates said in an e-mail late Thursday.

"While we've accomplished a lot in the past year, there is still more to do - at Microsoft and across our industry," Gates said in the e-mail sent to a mailing list that is part of a Microsoft marketing effort called Executive E-mail.

The e-mail comes a year after Gates announced the Trustworthy Computing initiative, a Microsoft-wide focus on securing its products. As part of that initiative, Microsoft halted the development work of thousands of software engineers for 10 weeks to train them to look at software like hackers do. This resulted in the in-house discovery of many security bugs, Gates said.

In the past year, Microsoft created new product design methodologies, coding practices, test procedures, incident handling and support processes to improve the security of its products, according to Gates. Microsoft spent some $200 million on improving Windows security alone, he wrote.

"A secure computing platform has never been more important. Along with the vast benefits of increased connectivity, new security risks have emerged on a scale that few in our industry fully anticipated," Gates wrote. He cited data from the Computer Security Institute and the FBI that cyberattacks caused an estimated $455 million in damage in the U.S. in 2001.

This year, Microsoft will release several new products that have gone through its new security review process. Windows Server 2003 is now due in April, after several delays. New versions of the SQL Server database, Exchange Server messaging software and Office productivity software are also planned.

When the products become available, users will notice that many features potentially posing a security risk will be disabled by default. In the past, a feature was typically enabled by default if Microsoft thought there was any possibility that a customer might want to use it, Gates wrote.

In the future, marrying software and hardware security on a PC will help eliminate "weak links" in computer systems, Gates said, referring to Microsoft's Palladium project. Palladium has been hailed as either a potential savior or a scourge for computer security and user freedom.

The IDG News Service is a Network World affiliate.