Microsoft Gives Update On Security Initiative


Microsoft is going through a major cultural shift in its efforts to make security a priority, said Craig Mundie, the software giant's chief technical officer and senior vice president, advanced strategies and policy.

Mundie provided an update on Microsoft's trustworthy computing initiative in a talk held here at the company's campus Wednesday.

"We're in the process of creating a cultural change in the company," he said.

Microsoft's focus on security required changing the old way of product development, which focused on attracting customers with plenty of new features, some of which wound up being the source of security holes, he said.

Earlier this year, the company stopped all development on Windows for two months in order to check for security holes, he said. Windows programmers receive security training and the research and development budget associated with security has tripled to 40 percent in some groups at the company, he said.

He reiterated the company's three-pronged strategy: Secure by design, secure by default and secure in deployment. Some of the steps Microsoft has taken to make its products secure by default include blocking access to insecure wireless LANs in Windows XP Service Pack 1.

Microsoft also will "begrudgingly forsake certain application compatibility" if that compatibility doesn't allow for security, Mundie said.

He declined to provide details about the company's Palladium initiative, which the company disclosed earlier this year. Palladium is a hardware/software platform that aims to create secure computing devices.