At Microsoft's Financial Analysts Meeting, Bill Gates and Ray Ozzie stress the importance of delivering tooling to help programmers write more secure code and better applications.
REDMOND, Wash.Security remains one of the biggest concerns for Microsoft over the coming year and beyond.
Microsoft chairman and chief software architect Bill Gates and Ray Ozzie, a Microsoft chief technology officer, spoke on a wide range of issues, but they singled out security as among the key focuses of the company. The two spoke in a fireside chat format at the Microsoft Financial Analysts Meeting here Thursday.
"If you look at our whole R&D effort, security would be the biggest thing," Gates said.
Indeed, the security space has spawned innovation at Microsoft, particularly around delivering tooling to help programmers write more secure code and better applications, Gates said.
Ozzie, whose Groove Networks is now part of Microsoft, said he felt fortunate to have been able to put together a lot of complex code at Groove, but the effort to build complex systems was enhanced with Microsofts tools.
"Microsoft has made huge investments in terms of security in tools" to help thwart hackers, particularly those moving from system-level attacks to application-level ones, Ozzie said.
"Microsoft has tools that will be in Visual Studio 2005 to do static code analysis," he said. "Its a tremendous experience. The tools came from Microsoft Research and represent a great example of technology transfer."
Gates said the complexity of applications today consists of tens of millions of lines of code. "When you have somebody with evil intent probing for any mistake," developers need more protection, he said.
Therefore, Microsoft is offering tools such as PreFast, Prefix and FXCop to weed out code vulnerabilities, and Microsoft developers cannot check in their code into the corporate code tree without running it through these tools, Gates said.
"Another thing is authentication; people seek the weakest link in the chain," Gates said. "Passwords are never going to be, as a single proof point, good enough," so things such as smart cards and biometrics are good adjuncts.
Microsoft Research, which turned out the Microsoft code security tools, is "the best investment the company ever made," Gates said.
He said the companys research and product groups work hand in hand, largely because many of the researchers want to see their efforts implemented in products.
"I was amazed at the number of projects where researchers are working hand-in-hand with product teams, said Ozzie, who joined Microsoft in April when Microsoft acquired Groove.
Read more here about Microsofts acquisition of Groove Networks.
Meanwhile, Gates noted that although Microsoft is coming from behind in Web search capability, the company is "lucky" in that the status quo of Web search is not so advanced and lacks things such as advances in personalization. Moreover, regarding search, Microsoft is innovating around "taking the world of structured data and documents and bringing them together," he said.
Ozzie said he has gained a lot of respect for the management processes at Microsoft, in that "it feels at every level like a startup. There is a passion and a motivation to move things forward."
Gates said that is the challenge of having such a broad-based portfolio. He said he encourages the different product groups to work together, noting that many of Microsofts key competitors are one-product companies.
Meanwhile, Ozzie said the peer-to-peer infrastructure coming from Groove will be a benefit in balancing decentralized systems. And "what has excited me about coming to Microsoft, having worked in collaboration, is that Microsoft has made significant investments in real-time collaboration."
Check out eWEEK.coms for Microsoft and Windows news, views and analysis.
Darryl K. Taft covers the development tools and developer-related issues beat from his office in Baltimore. He has more than 10 years of experience in the business and is always looking for the next scoop. Taft is a member of the Association for Computing Machinery (ACM) and was named 'one of the most active middleware reporters in the world' by The Middleware Co. He also has his own card in the 'Who's Who in Enterprise Java' deck.