End-To-End Trust Leaves Us Short

I think most observers, including myself, were pretty taken aback by Microsoft's lead announcement at RSA, of their End-To-End Trust industry call to action. I'm not sure it was so much shock as it was confusion -- no one expected it, especially from Microsoft.

Everyone takes shots at Microsoft when it comes to security, due to a legacy of products ladened with security vulnerabilities, but you have to give Microsoft its due respect in a couple of aspects. First, their Trustworthy Computing efforts have resulted in more secure/less vulnerable Microsoft products. Vista bashing aside, we don't see the plethora of vulnerability announcements we did in previous Windows OS generations. And though we don't commonly think of Microsoft as a security product company, they do have very widely used technologies in identity management, access control, firewalls, and policy management that put them squarely in the security business, whether we want to see it that way or not.

In this case Microsoft is taking the next step in their "extreme security corporate makeover", applying the principle, declare your weakness a strength. While it's easy to see End-To-End Trust as non-credible because Microsoft is blowing the horn, you have to give them credit for having the courage to try and lead the charge, knowing they'll take tons of heat from their detractors.

The big question is; What's next? What will Microsoft do to take this call forward? Will they get involved in current industry organizations already working on such measures, or will they form new ones, expecting others to follow? End-To-End Trust is such a broad and all encompassing idea it would really require Microsoft to see beyond its own corporate interests, which again presents credibility challenges since so many see Microsoft's dominance as the problem, not the solution.

But Gates is leaving, and his cache has been moving into philanthropic interests. Is End-To-End something he'll take up upon leaving Microsoft? Hmm... doubtful. It just doesn't seem to fit. Where Microsoft goes next with this whole end-to-end idea is very much an open question.

Like this? Here are some of Mitchell's recent posts.

Yahoogle! Yahoo Goes Gah Gah For Google

"Sterling" Beta Brings Forefront Front and Center

The funny little things I picked up on at RSA 2008

Google One Ups Microsoft Again-Google App Engine

Blogging From RSA 2008

Mitchell's Hottest Blog Posts: Google Scoops Microsoft-Delivers Mesh FirstHyper-V Leaves Linux Out In The Cold, Apple Fixes Open Source Vulnerabilities, What Microsoft Mesh Means To You, Apple iPhone Doomed To Failure.

Check out Mitchell's Converging On Microsoft Podcast. Current Podcast Episode: Security Mike Gets Serious About Security

Also visit Mitchell's personal blog The Converging Network and SSAATY Security Podcast. Visit Microsoft Subnet for more news, blogs, opinion from around the Web. Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.