News

Mundie Plugs Trustworthy Computing

The focus of Microsoft's "Trustworthy Computing" initiative will move from security to areas such as privacy, reliability and Microsoft brand integrity in its second year, according to Microsoft's chief diplomat.

Craig Mundie, senior vice president and chief technology officer for advanced strategies and policy at Microsoft, provided an update on Trustworthy Computing in a speech in San Francisco last week.

Mundie first publicly introduced the concept of Trustworthy Computing a year ago, although it became a household word in IT circles in January after Microsoft chairman and chief software architect Bill Gates wrote a company memo about the initiative.

Trustworthy Computing involves Microsoft's efforts to improve the security, privacy, reliability and business integrity, or brand integrity, of its software and services. During the first year of Trustworthy Computing, Microsoft largely focused on security issues, with the developer training and code review surrounding Windows .NET Server 2003 being the highest profile project.

Going forward, Mundie predicted Microsoft would make "continuing progress in security" but that the company would have other areas of focus as well. "We'll continue to make progress in the privacy area with more and more of both the services and systems being very transparent with respect to the person identifiable information and how it's gathered and administered," he said. More lists and materials will probably move to opt-in defaults, Mundie said.

Microsoft's Trustworthy Computing initiative will also concentrate on making it easier for customers to comply with new regulations. "There will be continued work to try to find ways to be compliant with the emerging regulations like HIPAA and Gramm-Leach-Bliley and even the Sarbanes-Oxley stuff that just happened," Mundie said.

Reliability will be another key area for Trustworthy Computing, with an emphasis on the feedback loop that automatically generates error reports during application failures that users can elect to send back to Microsoft. "As more of ... the third-party software vendors ... instrument their apps in a way that they can take advantage of that closed loop thing, and we come up with better ways to distribute more than just Windows and Office on an automated update basis, all of these things will basically ratchet overall system and application reliability up another level in the next 12 to 24 months," Mundie said.

As for business integrity, Mundie said, Microsoft will scrutinize more closely whether Microsoft is writing contracts or using support mechanisms that inspire trust in the company and the brand. That extends into providing better uptime for commercial services that Microsoft offers, Mundie said.

In addition to the forward-looking view of Trustworthy Computing, Mundie provided a look back at the security efforts. In addition to the developer training and product code reviews, Mundie highlighted:
  • Configuration changes in Windows XP Service Pack 1 to prevent the system from automatically joining an insecure wireless local area network.
  • Setting changes in Service Pack 1 for Windows XP Home Edition that enables the Personal Firewall by default.
  • The source-code licensing program to encourage university and research organizations to examine Microsoft code for security vulnerabilities.
  • Free hotfix and configuration management tools that have been made available for download over the last year.
  • Ongoing security commitments. "We didn't fall off the turnip truck just a year ago and decide we should think about these things," Mundie quipped. He pointed to the three-year process to earn the Common Criteria security evaluation for Windows 2000 as an example of Microsoft's ongoing commitment to security.

  • About the Author

    Scott Bekker is editor in chief of Redmond Channel Partner magazine.

    Featured

    • Microsoft Offers Support Extensions for Exchange 2016 and 2019

      Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

    • An image of planes flying around a globe

      2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

      Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

    • Notebook

      Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

      Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

    • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

      As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.