In an e-mail to key customers last week, Gates said that work to check for security holes and bugs in the Windows source code took twice as long as expected. He promised the security review would be extended to Microsoft Office and Visual Studio .net in the future.
Gates announced the Trustworthy Computing initiative in January in a memo to Microsoft employees. He said that despite all the features added to Microsoft's products over the years, none of them were important if the products were not secure.
"When we face a choice between adding features and resolving security issues, we need to choose security," he declared.
Microsoft engineers were then told to spend February reviewing Windows source code for security holes and fixing them.
Since February, Microsoft has issued many patches for security vulnerabilities in non-Windows products. In the past three months, the company has patched flaws in its SQL Server, Internet Explorer Web browser, Exchange e-mail server, debugging program and instant messaging clients.
Gates' message to customers last week combined an appeal for them to help Microsoft and also to use security assessment tools to help themselves.
"Microsoft is fully committed to [Trustworthy Computing], but it is not something we can do alone," Gates wrote.
"It requires the leadership of many others in our industry and a commitment by customers to establish and maintain a secure and reliable computing environment."
To do this, customers should use the bug-reporting features built into Office XP and Windows XP, use Windows Update to keep up to date with security patches, and use the company's security assessment tools, he wrote.