Microsoft Shelled Out Millions on Security

Microsoft has spent more than $100 million on security, Gates said in an email to customers Thursday.

Microsoft Corp. over the last six months has spent more than $100 million on its much-hyped effort to improve the security of its products, Bill Gates told customers in an email sent Thursday.

Most of that cost came from the forced hiatus from writing code that all of the companys developers took earlier this year. Microsoft ordered 8,500 software engineers to halt their development efforts and instead turn their attention to an intensive review of the existing Windows source code.

The review was scheduled to last a month, but lasted nearly two months, Gates wrote in the email, which he sent to customers who had subscribed to one of Microsofts electronic newsletters.

While the $100 million price tag may sound high, its hardly ruinous for a company that on Thursday reported net income for the second quarter of more than $1.5 billion on revenue of more than $7.2 billion.

Gates, the Redmond, Wash., companys chairman and chief software architect, also outlined some of the other steps Microsoft has taken as part of its Trustworthy Computing effort. Chief among these is the new philosophy of putting security ahead of virtually every other goal in the design process.

"While we are continuing to invest significantly in delivering new capabilities that customers ask for, we are now making security improvements an even higher priority than adding features," Gates wrote. "We have changed the way we design and develop software at all phases of the product development cycle. Our new processes should greatly minimize errors in software."

Gates also mentioned the Software Update Service (SUS), which enables administrators to automatically deploy patches and updates; and the Microsoft Baseline Security Analyzer, which scans machines for missing patches and insecure configurations, as examples of the progress the company has made.

In the memo, Gates also called on customers to aid Microsoft in its effort to build more secure systems. He urged them to use the Windows Update and SUS services, while also pushing customers to download Internet Explorer 6.0 "to take advantage of its increased reliability and security and privacy features."

  • More Security Coverage