Gates Touts Advances in Security ToolsBy Darryl K. Taft | Posted 2005-07-28 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
At Microsoft's Financial Analysts Meeting, Bill Gates and Ray Ozzie stress the importance of delivering tooling to help programmers write more secure code and better applications.REDMOND, Wash.Security remains one of the biggest concerns for Microsoft over the coming year and beyond.
Microsoft chairman and chief software architect Bill Gates and Ray Ozzie, a Microsoft chief technology officer, spoke on a wide range of issues, but they singled out security as among the key focuses of the company. The two spoke in a fireside chat format at the Microsoft Financial Analysts Meeting here Thursday.
"If you look at our whole R&D effort, security would be the biggest thing," Gates said.
"Microsoft has made huge investments in terms of security in tools" to help thwart hackers, particularly those moving from system-level attacks to application-level ones, Ozzie said.
"Microsoft has tools that will be in Visual Studio 2005 to do static code analysis," he said. "It's a tremendous experience. The tools came from Microsoft Research and represent a great example of technology transfer."
Gates said the complexity of applications today consists of tens of millions of lines of code. "When you have somebody with evil intent probing for any mistake," developers need more protection, he said.
Therefore, Microsoft is offering tools such as PreFast, Prefix and FXCop to weed out code vulnerabilities, and Microsoft developers cannot check in their code into the corporate code tree without running it through these tools, Gates said.
"Another thing is authentication; people seek the weakest link in the chain," Gates said. "Passwords are never going to be, as a single proof point, good enough," so things such as smart cards and biometrics are good adjuncts.
Microsoft Research, which turned out the Microsoft code security tools, is "the best investment the company ever made," Gates said.
He said the company's research and product groups work hand in hand, largely because many of the researchers want to see their efforts implemented in products.
"I was amazed at the number of projects where researchers are working hand-in-hand with product teams, said Ozzie, who joined Microsoft in April when Microsoft acquired Groove.
Meanwhile, Gates noted that although Microsoft is coming from behind in Web search capability, the company is "lucky" in that the status quo of Web search is not so advanced and lacks things such as advances in personalization. Moreover, regarding search, Microsoft is innovating around "taking the world of structured data and documents and bringing them together," he said.
Ozzie said he has gained a lot of respect for the management processes at Microsoft, in that "it feels at every level like a startup. There is a passion and a motivation to move things forward."
Gates said that is the challenge of having such a broad-based portfolio. He said he encourages the different product groups to work together, noting that many of Microsoft's key competitors are one-product companies.
Meanwhile, Ozzie said the peer-to-peer infrastructure coming from Groove will be a benefit in balancing decentralized systems. And "what has excited me about coming to Microsoft, having worked in collaboration, is that Microsoft has made significant investments in real-time collaboration."
This article was originally published on eWEEK.com.