Microsoft assigns responsibility for bugs

Microsoft can now identify the person responsible for every single line of code in its Windows operating system.

As part of Microsoft's Trustworthy Computing security initiative, in the event of a bug or security breach the company knows which staff member reviewed the code and can take appropriate action.

For Brian Valentine, senior vice-president of Microsoft's Windows division, this is a major step forward as the company tries to improve the quality of its products.

Valentine said that in the first stage of the initiative, every Windows employee - some 8,000 people in all - attended mandatory training.

"It's a full-day, pretty intensive session," said Valentine. "There's a section on simple coding mistakes and how not to make them. Then there's a whole [section on] complex coding mistakes, which really goes back to design issues.

"Another one is how to change the engineering process to actually design for security upfront and then manage security as you develop your products," Valentine added.

Valentine said the training highlighted what testers and quality control staff should consider during automated testing.

He admitted that one day of training was not enough. "It gets you started," he said. Microsoft is now embarking on a second round of mandatory refresher courses, which will be followed by a mandatory day of training every year.

With the training programme and product reviews Microsoft has initiated so far, Valentine was confident he could now avoid embarrassing blunders, such as the discovery of a major vulnerability in Windows XP soon after launch.

"I now have a trained force of developers and engineers," said Valentine. "I also have the capability as a manager of a complex project like Windows [to know] that every single line of code has an identified owner, that it was their responsibility during a security push to review that code."
