Home > Members > Research > April 2004: Making Software More Secure

Research Report: Making Software More Secure

Table of Contents

Michael Cherry [email] [bio]
Posted: Mar. 1, 2004

Executive Summary
While Microsoft has made significant progress addressing security vulnerabilities, product reliability concerns, and privacy issues, much work remains before computers are as ubiquitous and dependable as telephones

Introduction
Trustworthy Computing is Microsoft's long-term initiative to make its products as safe, usable, and reliable as the telephone

Secure by Design
Making products secure by design requires keeping security in mind through all phases of development

Secure by Default
Making products secure by default requires installing only the features users really need and installing them with the safest possible configuration

Secure by Deployment
The lack of tools to determine the security state of computers and bring them up to date with necessary patches is hurting Microsoft's secure by deployment efforts

Security Communications
Helping customers learn about vulnerabilities and patches, and how to use products securely, requires open and complete communications

Reliability
If users are to rely on computers in the same way that they rely on phones, then computers must be more dependable and available

Privacy
As it did initially with security, Microsoft is using its framework to drive improvements for the privacy pillar of its Trustworthy Computing initiative

Business Integrity
As part of its commitment to corporate responsibility and to enhance the perception of its business integrity, Microsoft must ensure that all employees comply with its standards of business conduct

Conclusion
Future Trustworthy Computing advances will require ever-greater levels of consistency and coordination across historically autonomous product divisions

Appendix A, Next-Generation Secure Computing Base
Microsoft's Next-Generation Secure Computing Base is new security technology that is the cornerstone of its long-term plans to better secure the PC

Appendix B, Trustworthy Computing Glossary
A glossary describes the unique vocabulary of Trustworthy Computing

Appendix C, Resources
A listing of useful links for additional information on Microsoft's Trustworthy Computing initiative

[Reprints of this report are available to subscribers for US$5.00/per copy (minimum order size of 50 copies) by calling 425-739-4669 or emailing service@directionsonmicrosoft.com.]