A Foundation Of Trust

The era of irresponsible programming ended on Sept. 11, 2001. A civilization under siege will not tolerate any product that leaves institutions - even entire populations - exposed to attack.

Download the authoritative guide: How to Develop an IT Security Strategy

In the introduction to Go To (Basic Books, October 2001), a compelling new history of software as seen through the eyes of the men and women who invented it, The New York Times Steve Lohr offers a single quote that encapsulates the relentless challenge of programming.

It is a line from the memoir of Cambridge Universitys Maurice Wilkes, one of the great pioneers of computing, describing an epiphany that came upon him one day in 1949: "The realization came over me with full force that a good part of the remainder of my life was going to be spent in finding errors in my own programs."

More than a half-century later, the Sisyphean reality of software debugging that Wilkes first sensed at the dawn of the digital age looms larger than ever - and with enormous consequences for our world. Until recently, programming errors ranged from mere annoyances if your data was backed up to expensive setbacks if it was not. But today, with the ascendancy of the Internet, the stakes are far higher. As applications, platforms and infrastructure become inseparable co-dependents, a single bug in the wrong line of code could render us vulnerable to an attack resulting in catastrophic disruptions of commerce, finance and communications.

Suddenly, best programming practices are a matter not just of commercial integrity, but of national security. Its time for software developers to step back from the market frenzy that has defined their efforts for the past two decades and consider the social consequences of their mistakes. Its time to stop rushing to market with defective operating systems and shoddy applications. Its time to fix the code thats already out there, riddled with bugs that persist through multiple revisions because developers just assume that new features are more marketable than security.

Further reading

Ive got news for them: The era of irresponsible programming ended on Sept. 11, 2001. A civilization under siege will not tolerate any product that leaves institutions - even entire populations - exposed to attack.

I suspect that Microsoft, especially, is about to get a rude wake-up call from the market. While its new Windows XP is considerably more stable than previous versions of the OS, early reports indicate that its still in need of fumigation. And though human error can be forgiven with evidence of earnest effort, even a perfunctory examination of XP reveals that Microsoft invested the bulk of its programming effort not in stability, reliability and security, but in attempts to dominate new markets and, more ominously, the Internet itself. Even those of us who admire the companys aggressive business tactics are left shaking our heads in amazement at the sheer meanness of XP.

As far back as July, The Wall Street Journal reported: "From photography to phone service, music to banking, companies across the economy have been waking to find Microsoft riding its operating system into their markets - even as it was awaiting the outcome of the landmark antitrust case."

This is clearly a company bent on owning every nook and cranny of cyberspace, a company whose partners see themselves as victims-in-waiting and whose appetite for subjugation knows no limits. All of which would amount to little more than capitalism at its Darwinian finest were it not for one detail: The invisible foundation of a free-market system is trust. Microsoft, by focusing its efforts on rapacious conquest instead of on the growing security concerns that now dominate corporate America, is rapidly losing the trust of its most crucial customers - the business and IT professionals whose purchasing decisions define standards for the industry.

This will mean little in the short term. In fact, I expect XP to be one of the most popular platforms ever developed.

But no matter how aggressively the companys Passport scheme is exploited in XP, Microsofts legacy of continually placing corporate appetite ahead of its customers needs is going to doom its .Net initiative. Unless Bill Gates, Steve Ballmer and Jim Allchin quickly embrace Wilkes epiphany from all those years ago, XP is going to end up being nothing more than a bloated, static client platform; the Internet itself will be powered by Linux, Solaris and an authentication standard built on Sun Microsystems Liberty Alliance Project.

None of us can afford to spend the rest of our lives paying for the mistakes in Microsofts programs.