January 12th marks the ten year milestone of Bill Gate's memo on Trustworthy Computing. "Ten years ago on January 12, 2002, during a time when security problems were threatening trust in software products, Bill Gates sent an email to all Microsoft full-time employees announcing the creation of the Trustworthy Computing (TwC) initiative," blogged Microsoft.
Around this time there were a series of high profile cyber attacks including Nimda, Code Red and the "I Love You Virus", that was causing uncertainty amongst customers and consumers with regards to the technology they were using everyday. It underscored a need to improve security, privacy and reliability of technology.
Gates' memo called upon employees across the company to fundamentally rethink their approach to product development and strive to deliver products that are "as available, reliable and secure as standard services such as electricity, water services and telephony."
"In Bill's original email, he identified three core attributes - security, privacy and reliability - that we had to develop in our software and services," said Scott Charney, corporate vice president, Microsoft Trustworthy Computing. "In the memo, Bill said that technology was going to be integrated in our lives in a far more rich way and would impact everything we do. That was one of the reasons it was so critical to get these three attributes right."
Microsoft responded with the Trustworthy Computing Initiative (TwC) and there have been many milestones along the way:
- We've added better instrumentation to Windows through Windows Error Reporting which has reduced system crashes and improved reliability.
- Privacy - Microsoft was the first company to publish privacy standards for developers and to provide consumers with layered privacy notices.
- Secure and Privacy Development Practices - The Security Development Lifecycle (SDL) is probably the most well known outcome of the Trustworthy Computing initiative. It focuses on privacy development practices incorporating industry best practices for writing secure code. This is something I talk about a lot whenever I talk about security in our software. The SDL practices are embedded in how our software is now developed. It's also become an industry leading software security assurance process that aims to help customers improve the security of their software.
- During this time we included Windows Defender as part of the Core Operating system, released free products such as Microsoft Security Essentials and the Malicious Software Removal Tool to make sure it's easy to keep systems protected, Microsoft stated.
The info graphic below illustrates some of this work: (click to enlarge)
Now, as TwC enters its second decade, they are just as important. With the rise of cloud computing, the evolving role of government and emerging cyber threats, we will continue to build on our decade of experience to break new ground and help people realise the full potential of the cloud.