Commentary: Leader or lobbyist?

By John Pescatore, Gartner Analyst The reputation and experience of Scott Charney, Microsoft's new security chief, could help elevate the importance of security in Microsoft's management culture--if the company is ready to listen to him.

But an important question arises: Will Microsoft's chief security strategist focus on internal culture change or external marketing?

Charney is unquestionably an unusual choice for a leadership position with a highly aggressive defender of market-driven capitalism like Microsoft. In his years as head of the Department of Justice's computer crime and intellectual property section, he was a strong proponent of encryption export control policies and key escrow proposals that software vendors--including Microsoft--fought vigorously.

	See news story: Microsoft appoints new security chief

More recently, as a high-level principal in PricewaterhouseCoopers' Washington, D.C., office, he published a paper, "The Internet, Law Enforcement and Security," that advocated the need for increased legislation and government intervention to achieve necessary security levels.

Charney's strong background in the legal, forensic and prosecutorial aspects of computer security could certainly serve Microsoft well. Moreover, his Washington contacts and his experience with the legislative process--in the United States and elsewhere--may help the company in its fight against legislation making software vendors liable for security defects.

This would, however, represent an abrupt reversal of position for Charney, even by the highly flexible standards of Washington's revolving-door appointments. Even more troubling, it would also indicate that Microsoft--despite its highly publicized recent commitment to increasing the security of Windows products--is still more interested in creating an image of security than in developing truly secure products.

For Charney to have any real, positive impact on the software maker's security practices, his efforts must be focused internally--on the urgent need to turn Microsoft's talk about increased security into meaningful action.

Gartner is concerned that Charney may be used more as an externally focused lobbyist trying to convince domestic and international legislators that government pressure is no longer needed for companies like Microsoft to produce secure software. Such a focus would represent an awkward turnaround for Charney--and a regrettable step backward for Microsoft.

(For a related commentary on Microsoft's security issues, see gartner.com.)

Entire contents, Copyright © 2002 Gartner, Inc. All rights reserved. The information contained herein represents Gartner's initial commentary and analysis and has been obtained from sources believed to be reliable. Positions taken are subject to change as more information becomes available and further analysis is undertaken. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of the information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof.