Aucsmith: Proof Lies in Windows Server 03
In an interview with eWEEK, Microsoft's Dave Aucsmith says Windows Server 2003 will be the real measure of Microsoft's security progress.SAN FRANCISCOThere is a small group of true lifers in the security industry, and Dave Aucsmith is one of them. He began working on signal security several decades ago during his time in the military and then spent several years as the chief security architect at Intel Corp. Add to that his deep knowledge of cryptography and the 27 patents he holds, and you see why Microsoft Corp. hired him last August as a security architect in the new Security Business Unit. Aucsmith is now that groups chief technology officer and is responsible for the overall security architecture of all of Microsofts products. Senior Editor Dennis Fisher caught up with Aucsmith at the RSA Conference here to talk about the SBU, Trustworthy Computing and the Next Generation Secure Computing Base, the technology formerly known as Palladium. eWEEK: Tell me a little bit about what youre trying to accomplish inside the SBU. Aucsmith: My job is to put a unified architecture in place underneath all of these various security products and technologies. I try to combat the problem of all of the utter confusion that we give to our customers, developers and users. That problem developed historically, over time. It wasnt until very recently that the whole became important to us. It takes us about a year or 18 months to develop a new operating system, and were running pretty fast. We really cant push it much faster than that because of all of the testing we have to do. But the bad guys are running much faster than us. Out of the gate, theres a disparity in the way we can respond to changing threats. We use patch management. But the second part is what I call remedial security, which is things like anti-virus. We want to make it easier for other vendors to protect software and users by using things like the APIs we just put into Exchange. We want to make sure theres a ripe and productive community of people adding security to these products.
eWEEK: What kinds of things are you doing on a daily basis to make products more secure?