Trustworthy Yet?
description
Transcript of Trustworthy Yet?
Trustworthy Yet?
An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security
practitioners
Our Panelists
KEN TYMINSKI
CISO Prudential Financial of America
JOSEPH COOPER, CISSP
Chairman & CEO Digital Defense
JONATHAN PERERA
Senior Director of Product Management Microsoft’s Security & Technology Unit
Microsoft’s Beginnings
Gates’ Mandate
“Trustworthy Computing is computing that is as available, reliable and secure as electricity, water services and telephony.”
--Bill Gates, January 17, 2002
Trustworthy Milestones 2002
Retrained 11,000 developers and engineers
Revamped MSRC
Retrofitted XP (SP1) and Win2K (SP4)
Released MBSA
Replaced the complier in Win2003
Released Win2003 with services off by default
Changed philosophy on shipping products
Trustworthy Milestones 2003
Released SQL Server 2000 SP3
Improved Exchange 2003 & Office 2003
Changed vulnerability announcements
Launched ISA 2000 FP1
Released patching tools
Acquired AV company, formed alliance
Trustworthy Ambitions
Windows XP (beta; due summer ’04)
Integrating WUS with Windows, other apps
Active defenses, synergistic strategy
Substantial more secure OSes & apps: Yukon (SQL), 2005; Longhorn (Windows), 2006
=
Trustworthy Ambitions
End goal: 2014 or longer
Microsoft is doing enough to improve its software security.
Strongly Disagree 40%
Somewhat Disagree30%
Strongly Agree 2%
Somewhat Agree 18%
Will Trustworthy Computing eventually make a difference?
0 20 40 60
Don'tKnow
No
Yes
20032002
Redmond’s Assessment
“I think we have made a good start in the last two years, and I believe we will have made enormous progress 10 years from now.”
STEVE BALLMER
CEO, Microsoft
Is Microsoft doing enough to improve the security
of its products?
Is it on the right track?
Patching
Patching Windows Is Best Characterized As:
Unavoidable46%
An Overblown Problem
5%
Onerous 48%
Microsoft Is Doing Enough To Ease The Patching Problem.
Strongly Disagree28%
Somewhat Disagree33%
Strongly Agree 3%
Somewhat Agree 20%
Is the Windows patching problem getting better?
Synergistic Security
“There’s no one thing that’s going to solve this. Mitigation is part of it.”
MIKE NASH
Corporate VP, Microsoft SBU
Will Microsoft’s synergistic security strategy lead to better overall security for
Windows and its other applications?
What does Microsoft need to do to win and retain
the confidence of its enterprise customers?
Users Respond