Gates says security boils down to four focus areas

However, it's unclear from the article what those four areas are.

The best quote I can find relating to it is:

Gates then launched into the importance of security going forward and categorized a set of priorities under four headings: trust ecosystem, engineering for security, simplicity, and fundamentally secure platforms.

… but later …

Gates gave very little in the way of new initiatives or ideas at Microsoft for meeting his four broad goals, instead tailoring his remarks around announced features in the upcoming Windows Vista client operating system including smart card support, identity technology called InfoCard, and improvements in the Internet Explorer browser.

so I wonder what substance there is. Later on in the article:

Gates used the demo to highlight his trust ecosystem, one of his four priority areas for improving security. “We have chains of trust,” Gates said. “What we need to do is track those trust relationships, to grab permissions, to revoke those trust relationships, to develop reputation over time.” He said today people live without a trust ecosystem.

I’m not sure I like the idea of “grabbing” permissions. My mother always told me it was rude to grab.

Do you think software and system engineering rates well on

  • trust ecosystem,
  • engineering for security,
  • simplicity,
  • fundamentally secure platforms.

Of those … well, ‘simplicity’, yes, but be careful; there are many naive approaches to that. As for fundamentally secure platforms – hogwash! We do know how to engineer secure and reliable systems from insecure and unreliable components. We’ve been doing it for years in other fields. Perhaps what we really need to do is to overthrow the mystique of computers and treat software like any other engineering discipline. Where is Steve McConnell when you need him?

