On January 15 2002, Bill Gates announced to the world that Microsoft would completely change how it developed software, putting quality as the main priority. Given its Windows and Office software runs on the majority of the world's desktop and laptop computers, any quality issues affected millions of users. Given Microsoft software is so widely deployed, hackers could target the quality issues, exploiting poor quality code using simple buffer overflow attacks, to gain access to millions of Windows computers. For instance the Code Red
, attack in 2001, brought down Microsoft's IIS web server software, while SQL Slammer
, in 2003, became the fastest spreading worm ever.
Trustworthy Computing, (TwC) the term Gates coined to describe the company's strategy on IT security and software quality, would have a profound effect on Microsoft products. Windows XP had to be redeveloped as Windows XP SP2
. It is fair to say, that today, the extent of Trustworthy Computing, has made Microsoft a producer of high quality software. It has also led to Adobe, tying its patch releases in with Microsoft's Patch Tuesday, monthly updates.
Prior to Patch Tuesday, software companies were very secretive about security vulnerabilities. While it may have generated negative headlines about the risks and vulnerabilities in Microsoft software, Patch Tuesday has become an essential part of IT administration, allowing IT departments to plan and test updates to their Microsoft software.Speaking to Computer Weekly
, Steve Lipner, partner director of program management, TwC group at Microsoft, said "We have made progress and learned a lot of lessons, but we know we are not done. Computing is part of the fabric of society and trustworthy computing is still something we have to focus on."
What TwC has achieved is raise the bar on software quality, and, at the same time, it has made the general public more aware of keeping their computers "up-to-date." In this age of greater and greater connectivity, such awareness will go some way to protect people from hacking and phishing.