Microsoft Names New Security Chief

Fathi, who most recently served as general manager for storage and high availability in Microsoft's Windows division, replaces security technology unit chief Mike Nash, effective immediately. In a statement released Thursday, Microsoft said Nash would be "transitioning out of his position and taking a well-earned sabbatical beginning June 1. "

Nash, corporate vice president of Microsoft’s Security Technology Unit (STU) will assume another role at the Redmond, Wash., software vendor this fall, Microsoft said. A company spokeswoman said that Nash isn’t being demoted and his succession is part of organizational changes that Microsoft unveiled earlier this week.

On Tuesday, Microsoft announced that the Windows Vista client operating system will be delayed for general release until early 2007. The company cited quality issues but declined to specify which aspect of the development project was responsible for the delay.

STU is a key part of the Client Operating System Division (COSD), Microsoft said. The company reorganized into eight new and current divisions this week.

Nash's replacement is the only major change in the leadership of the STU team. But Microsoft also announced this week that Office executive Steve Sinofksy will assume leadership of the overall Windows team when Jim Allchin, the current chief and co-president of Microsoft's Platform and Services Group, retires after Vista’s release next year.

Despite ongoing holes and vulnerabilities discovered in Internet Explorer and Windows, including a critical issue discovered Thursday, Microsoft cited Nash's contributions to improve Windows' security during the past four years.

Nash was appointed to the newly formed STU when Microsoft's security woes reached crisis status, as corporate and consumer customers faced serious consequences, crashes and data loss from bugs and worms infesting their PCs and servers. The sudden rise in exploits seemed to threaten Microsoft's market leadership.

Nash oversaw the development of Windows XP Service Pack 2 (SP2), the adoption of the Security Development Lifecycle throughout the company, the acquisitions of GeCAD and Giant Software, and the creation of Microsoft's homegrown security products, including the core antivirus engine, firewall and Windows Defender.

In an e-mail sent Thursday, Fathi said he would be taking the torch from Nash and focusing on Microsoft’s next-generation security initiatives discussed at the RSA Conference, including identity management, simplicity in security, and innovation in Windows Vista and the next Windows client, code-named Vienna.

"As we are well on the way to delivering against our Windows Vista commitments, it's the right time for Mike [Nash] to take a well-deserved break from the world of security to recharge before he returns to a new challenge," Fathi wrote in the memo to members of the STU team, which was released to the media.

Still, Microsoft this week identified another new, critical vulnerability affecting Internet Explorer 6 and the Internet Explorer 7 Beta 2 that will be offered as part of Vista and lso as a stand-alone browser on Windows XP.