WASHINGTON — Microsoft Corp. is wasting no time implementing the Trustworthy Computing initiative that Bill Gates outlined in his all-company memo last month.
Speaking to a group of privacy and security officers at the Privacy and Data Security Summit here Friday, Richard Purcell, Microsofts corporate privacy officer, outlined an extensive privacy program that requires every department to survey itself on a prescribed set of policies and produce a so-called PHI (Privacy Health Index).
Under the plan, which Microsoft is currently implementing company-wide, departments may see their budgets slashed if they dont deliver an acceptable score on the survey.
The measurement process will essentially be ongoing all the time, Purcell said, but each department will be required to submit their scores along with their bi-annual budget requests. The program is based on a 100-page internal document called the Privacy Directive that lays out all of the companys privacy goals.
Gates, the companys chairman and chief software architect, wrote a long memo to all Microsoft employee last month in which he decreed security to be the companys top priority. He also said that privacy and reliability will play larger roles in the companys future development efforts.
Purcell said the PHI program and the Trustworthy Computing initiative in general are both just the beginning of a series of corporate changes that Microsoft is undertaking in anticipation of the day when computing is no longer performed just by PCs.
As part of that effort, Microsoft, of Redmond, Wash., has imposed a ban on the writing of new code during February and instead will focus all of its developers efforts on combing through the billions of lines of existing code in its products in a search for bugs and security flaws.
That, Purcell said, should be a good indication of how serious Microsoft is about its renewed focus on security and privacy.
And, if the focus shift pulls resources away from developing new features, so be it.
