By John Pescatore, Gartner analyst
Microsoft has committed to making its products more secure and worthy of
customers' trust. The philosophy outlined in a memo from Bill Gates this week lays out most of the imperatives that Gartner believes are necessary for Microsoft to change
the software maker's long-established product management and development culture.
Microsoft became the world's most powerful software company by building
software that gave the individual control. Upgrades and new software always
included more features to allow people to do more things. Product managers
got promoted by shipping software on time with enough new features to compel
customers to upgrade. Crashes and sloppy programming that left gaping holes for
hackers became problems of secondary importance.
With the Internet, however, security vulnerabilities became exposed to
attack from any savvy programmer on the planet. If Gates' realignment of
Microsoft to the Internet in 1996 had made security a prime concern for new
Internet features, enterprises would have avoided many billions of dollars
of cleanup costs because of the long list of viruses and worms that have
struck Internet-connected servers and PCs.
Gartner believes that Microsoft is serious about making this shift because
its .Net strategy will fail if the security initiative fails. Nevertheless,
changing the management and development culture of such a large company
poses a huge challenge, and it won't happen quickly.
Previous Gates memos brought results in less than a year, but the Internet
and .Net visions played to Microsoft's instinctive worship of new features.
Even with full commitment to security, Microsoft will need time to demonstrate support
for a product manager who ships a safe product later or whose product takes
longer for customers to adopt because it includes fewer new features to
enhance safety. Gartner believes that concrete results from this new
initiative will appear no earlier than first quarter 2003.
The new vision outlined by Gates lacks a focus on software safety that would
help keep people from hurting themselves--much as an automatic transmission
requires the driver to step on the brake before the car can be put in gear.
Operating system interfaces could, for example, allow trusted antiviral
software to ask the operating system to block execution of new programs
until the software can update its signature.
Corporations should make it clear to Microsoft that they will base their use
of .Net services and future Microsoft software products on clear evidence
that they have become more trustworthy. Customers should monitor the company's
progress and vote with their checkbooks--that is, by buying or not buying
(For a related commentary on Microsoft's security vulnerabilities, see gartner.com.)
Entire contents, Copyright © 2002 Gartner, Inc. All rights reserved. The information contained herein represents Gartner's initial commentary and analysis and has been obtained from sources believed to be reliable. Positions taken are subject to change as more information becomes available and further analysis is undertaken. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of the information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof.