Case in Point: Bill Gates' "Trustworthy Computing" Memo
According to a variety of trade press sources, including not just Information Week but also CNET's news.com and numerous other online computer news services, the text of Bill Gates' internal memo appeared in their e-mail inboxes as a forwarded message at 2:22 PM, Pacific Time, on January 15. So far, the actual sender has not been identified, nor is that information terribly important. But given the nature of the message itself and the identity of its sender (as long as it's not repudiated outright, of course), the implications of the message are pretty staggering:
Gates is absolutely uncompromising in his admission that security has been a fundamental problem, based as much on Microsoft's development strategies and tools, as on a failure to require that best security practices and procedures be made integral to development and testing processes.
Gates makes a compelling case that truly "trustworthy computing" requires the same kind of rock-solid implementation and reliability associated with public telephone service and utilities. He also confesses candidly that Microsoft is far away from this goal, but indicates that other operating systems and application providers are in the same boat.
Gates goes on to indicate that increasing code security is the "top priority" for Microsoft programmers, leaving open the question of what implications this will have on upcoming product schedules and releases. Gates summed up this new priority as follows: "Now, when we face a choice between adding features and resolving security issues, we need to choose security."
What's interesting about this leaked memo is its demonstration of the power of the rumor mill. Though not designed as an official public document, Gates' memo was forced into that role by its public dissemination. And immediately thereafter, understanding the implications of this shift in focus and priority required some serious rethinking of Microsoft's product plans, release dates, and activities.