Microsoft wants software to be 'public utility'

Microsoft wants software to be 'public utility'

Acknowledging 'too many vulnerabilities in the product,' Microsoft Corp. vice president Mike Nash said software must achieve 'the same level of trust as a public utility' that supplies 120 volts reliably from every electrical outlet. Nash heads the security business unit that early this year enforced a 10-week stand-down of all development at Microsoft while 11,000 coders learned about threat modeling and peer-reviewed each other's work.

Nash said Visual Studio .Net is the first product to emerge from the company's 'security push process.' Windows .Net Server 2003, he said, will come out somewhat later than planned because of the security push, and it will arrive with Web server features turned off, because they otherwise could present a security vulnerability if customers did not use them. He said the goal is to make software 'secure by design, by default and by deployment.'

The Web site has become the test bed for all the company's enterprise-level products, Nash said, because 'no uniform resource locator or domain has more hack attempts.'

Nash said Microsoft chairman Bill Gates was prompted by the importance of software in daily life and commerce to consider security as 'an industry problem.' The company's security emphasis will not only be a change in philosophy but will change the behavior of its engineers and managers, he said.

Microsoft aims to 'reduce the number of vulnerabilities that customers find in the products,' Nash said, by such means as rigorous reviews before release. 'It is clear we have a lot of work to do,' he said. 'This will never be over. It has to be ingrained.'


  • senior center (vuqarali/

    Bmore Responsive: Home-grown emergency response coordination

    Working with the local Code for America brigade, Baltimore’s Health Department built a new contact management system that saves hundreds of hours when checking in on senior care centers during emergencies.

  • man checking phone in the dark (Maridav/

    AI-based ‘listening’ helps VA monitor vets’ mental health

    To better monitor veterans’ mental health, especially during the pandemic, the Department of Veterans Affairs is relying on data and artificial intelligence-based analytics.

Stay Connected