News Stay informed about the latest enterprise technology news and product updates.

Microsoft's security push costs $100 million

In an effort to give .NET the credibility needed to support distributed business systems, Microsoft has put more than $100 million into its security push.

Microsoft's security push costs $100 million

At the Microsoft Tech Ed conference in Barcelona, David Thompson, VP of the Windows Server Products Group, has given a view of how much the company has put into its security push. The man-time alone, it appears, has cost around $100 million and that's in his group alone.

Much of the effort, it would seem, has gone into changing the mindset of Microsoft's developers. Instead of looking to write 'cool' code they are now expected to write 'secure' code. This appears to confirm many of our worst fears about Microsoft coders of the past -- that the need for properly engineered code was not previously recognized as a priority. Thompson added fuel to this line of thought by stating that 5000 Microsoft staff spent February and March learning about security -- an implication that they didn't know anything before that time?

We should, of course, take these comments in the spirit that they were meant. Microsoft has recognised that it needs to understand security better and it has invested massively to ensure that its developers are able to build better products. The end result will be better for the large number of businesses that are trying to build their systems on the .NET framework.

Microsoft has concentrated heavily on the management issues and provides extensive support for PKI along with a strong focus on authentication and policy-based administration. A lot of effort has also gone into the publication of Web services with UDDI. As a combination, all of these features point strongly towards extended use of Active Directory technology.

The overall hit that Microsoft has taken is much greater than the $100 million stated. There are other product development groups that have made similar investments in man-time and training and the product delivery schedules have all been dragged back by a few months.

The point is that, for Microsoft, this was an investment that it had to make if .NET is ever going to have the credibility needed to support distributed business systems. It cannot encourage businesses to open up their applications through Web services and then put them at risk from hackers or denial of service attacks.

The big hope for us all has to be that this new found 'secure' coding skill will translate into proper software engineering and that the products that we buy from Microsoft in the future will be robust enough for mission critical activities. We can but dream.

Copyright 2002 provides IT decision makers with free daily e-mails containing news analysis, member-only discussion forums, free research, technology spotlights and free on-line consultancy. To register for a free email subscription, click here.

For More Information:

Dig Deeper on Topics Archive

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.