Microsoft Making Security Inroads

In an exclusive interview at Microsoft's TechEd conference, security chief Scott Charney lauds the role Microsoft Research is playing in delivering security solutions, while detailing the progress already made in getting a handle on security, as well as w

DALLAS—When Microsoft Corp. is faced with a hard problem, it can call on Microsoft Research to help furnish answers. Security remains a hard problem, and Microsoft Research is providing some core technologies to help deliver Microsofts answer to the issue.

In reference to finding answers to the problems around securing the online environment and data overall, Scott Charney, Microsofts chief trustworthy computing strategist, said, "[Microsoft Research has] a huge role to play."

In an interview with eWEEK at the here, Charney said Microsoft Research provided some of the tools the company uses to check the security of code. "And were working with them on longer-term research … like core things about how the [software] stack works," he said, adding that Microsoft Research also has done some work in the identification space.

At that he whipped out from his wallet a sheet of paper the size of a business card that holds his "Face Cert" identification. The Face Cert is a system Microsoft Research developed that includes an individuals picture, some text, a code number and a digitized image of the persons photo made into a bar code. It works by being signed by a private key that can be matched to a public key, Charney said.

Microsoft Research continues the work of the Microsoft product teams in implementing security. "They are looking at the threat model, etc.," he said. "Security is deep research." In fact, the research angle plays into the Microsoft security road map, he added.

Meanwhile, new things to look for thanks to Microsofts Trustworthy Computing initiative include new patch management technology. "We need to help users get secure and stay secure," Charney said. "We need an easier way to load a product and get it up to the current security state."

Also, look for new privacy support. "We need to make significant inroads on spam," he said. "We need to get a law passed, and we need to provide more control for people over their relationship with Microsoft and their information."

In addition, Charney said, Microsoft is looking to deliver more tools that enable users to report problems back to the company.

After the security push on Visual Studio .Net—to try to promote the delivery of secure code—and Windows Server 2003—on which Microsoft has spent $200 million on security—the push is now on to secure mobile devices.