Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Microsoft Making Security Inroads

    Written by

    Darryl K. Taft
    Published June 3, 2003
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      DALLAS—When Microsoft Corp. is faced with a hard problem, it can call on Microsoft Research to help furnish answers. Security remains a hard problem, and Microsoft Research is providing some core technologies to help deliver Microsofts answer to the issue.

      In reference to finding answers to the problems around securing the online environment and data overall, Scott Charney, Microsofts chief trustworthy computing strategist, said, “[Microsoft Research has] a huge role to play.”

      In an interview with eWEEK at the here, Charney said Microsoft Research provided some of the tools the company uses to check the security of code. “And were working with them on longer-term research … like core things about how the [software] stack works,” he said, adding that Microsoft Research also has done some work in the identification space.

      At that he whipped out from his wallet a sheet of paper the size of a business card that holds his “Face Cert” identification. The Face Cert is a system Microsoft Research developed that includes an individuals picture, some text, a code number and a digitized image of the persons photo made into a bar code. It works by being signed by a private key that can be matched to a public key, Charney said.

      Microsoft Research continues the work of the Microsoft product teams in implementing security. “They are looking at the threat model, etc.,” he said. “Security is deep research.” In fact, the research angle plays into the Microsoft security road map, he added.

      Meanwhile, new things to look for thanks to Microsofts Trustworthy Computing initiative include new patch management technology. “We need to help users get secure and stay secure,” Charney said. “We need an easier way to load a product and get it up to the current security state.”

      Also, look for new privacy support. “We need to make significant inroads on spam,” he said. “We need to get a law passed, and we need to provide more control for people over their relationship with Microsoft and their information.”

      In addition, Charney said, Microsoft is looking to deliver more tools that enable users to report problems back to the company.

      After the security push on Visual Studio .Net—to try to promote the delivery of secure code—and Windows Server 2003—on which Microsoft has spent $200 million on security—the push is now on to secure mobile devices.

      Page Two

      Yet, critics, particularly some in the Unix and Java arenas, have taken potshots at Microsofts history of security glitches.

      “How do we know if were going to be effective?” Charney asked. “Well, its still early with Windows Server 2003, but two measures I will look at are: How many [security] bulletins get released and how severe are the bulletins?”

      To critics, Charney had this response: “You have every right to be critical, and our track record on security is nothing to write home about, but watch for the results” going forward. Microsoft announced Charney as its new chief security strategist in January 2002, and he took over the role in April 2002.

      Security is not something that just seeps into the culture of an organization, and Charney said he has had to work at making it a priority at Microsoft.

      “We have to shift the cultural outlook of the company,” he said. “We have a breakfast series on Trustworthy Computing, and weve been able to fill the room with developers.” It did not hurt his cause that the security edict came straight from the top of the company: Microsoft Chairman Bill Gates.

      As for developers and seeding security into the development process, Charney said, “We learned it has to enter into the developers mindset before they start coding. You need a quality assurance process around security. We want to take tools and foster a culture of good security-based coding.”

      Threat modeling and penetration testing are two ways to help ensure secure and high-quality code, he said.

      Yet, overlaying insecure applications on security-enabled platforms is no improvement, he said.

      “Ultimately, as we get to the next generation we want to get to trusted applications that look for trusted environments to run in,” Charney said.

      Microsoft is looking to productize tools that detect buffer overruns. “We want to productize that and put it into Visual Studio,” he said.

      On the spam front, Charney said he believes its going to take a combination of technology, industry cooperation, anti-spam legislation on a national level and an equally concerted effort globally to really tackle the problem.

      Darryl K. Taft
      Darryl K. Taft
      Darryl K. Taft covers the development tools and developer-related issues beat from his office in Baltimore. He has more than 10 years of experience in the business and is always looking for the next scoop. Taft is a member of the Association for Computing Machinery (ACM) and was named 'one of the most active middleware reporters in the world' by The Middleware Co. He also has his own card in the 'Who's Who in Enterprise Java' deck.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×