Essays Tagged "SecurityFocus"


Results, Not Resolutions

A guide to judging Microsoft's security progress.

  • Bruce Schneier and Adam Shostack
  • SecurityFocus
  • January 24, 2002

Last week, Bill Gates published a company-wide memo outlining a new strategic direction for Microsoft. Comparing this to the change when the company embraced the Internet, Gates elevated security to Microsoft’s highest priority. By focusing on what he called “Trustworthy Computing,” Gates plans on transforming Microsoft into a company that produces software that is available, reliable, and secure.

“We must lead the industry to a whole new level of Trustworthiness in computing.” – Bill Gates internal memo, 15 January 2002.

Trust is not something that can be handed out; it has to be earned. And trustworthiness is a worthy goal in computing. But unlike performance goals or feature lists, progress toward it is hard to measure. How can we determine if one piece of software is more secure than another? Or offers better data integrity than another? Or is less likely to contain undiscovered vulnerabilities? How do we know if Microsoft is really committed to security, or if this is just another performance for the press and public? It’s not as easy as measuring clock speeds or comparing feature lists; security problems often don’t show up in beta tests.

As longtime security experts, we’d like to suggest some concrete ways to evaluate Microsoft’s (and anybody else’s) progress towards trustworthiness. These are specific and measurable changes that we would like Microsoft to make. This is not intended to be an exhaustive list: building secure software requires much more than what we delineate here. Our goal is to provide a list of measurable recommendations, so that the community can judge Microsoft’s sincerity.

Some of our recommendations are easier to implement than others, but if Microsoft is serious about security and wants to take a true leadership position, they can’t shirk any of them. Some of our changes are easier to verify than others, but it is our goal that all of them be independently measurable. In the end, the pronouncements and press releases don’t mean a thing. In security, what matters are results.

If we can distill our recommendations into a single paradigm, it’s one of simplicity. Complexity is the worst enemy of security, and systems that are loaded with features, capabilities, and options are much less secure than simple systems that do a few things reliably. Clearly Windows is, and always will be, a complex operating system. But there are things Microsoft can do to make even that complex system simpler and more secure.

Microsoft must focus its programmers on designing secure software, on building things right the first time…
