ubergizmo
 Ubergizmo in Polish

[RSA] Microsoft Details End-to-End Trust Vision, Takes Trustworthy Computing to the Net (video)

Story posted on: April 07, 2008



This afternoon, at the W hotel in San Francisco, Microsoft was giving out some details on what the company's chief strategist, Craig Mundie, is going to talk in his keynote tomorrow morning. In a nutshell, the idea is to take Microsoft's concept of Trustworthy Computing, i.e. an ensemble of security initiatives, concepts and best practices to make Microsoft products more secure and more reliable, to the Web.
"End-to-end trust is this idea of making the Web more secure for everyone", said George Stathakopoulos, the General Manager for Microsoft's Product Security.

A bit of Microsoft security history

Stathakopoulos is quite a legend in the Microsoft security space. He shipped every security bulletin since Microsoft had one and responded to every virus or worm that Microsoft had ever faced.

"Around 1997, it was the first time where security and vulnerabilities appeared in Microsoft products. And for about 3-4 years, we looked at this problem but we thought it was more theoretical... Life became miserable around 2001. We had a series of viruses and worms: i love you, melissa, blaster, bubble boy, sasser... So it was during that time we created the Trustworthy Computing initiative that started with a memo from our Chairman and sets some goals for Microsoft. Which is to do better in security, privacy, business practices and reliability. And I was the security pillar for that!".
The vision of end-to-end trust came when the team that was responsible for the Trustworthy Computing initiative started thinking of how this initiative will look 5 years from now. They then came out with a 22 pages documents that explains Microsoft's vision but also serves as a "platform for dialogue". "We can't do it alone. Everybody in the industry must participate", added Stathakopoulos.

But how will this work?
Well, because this vision/paper goal is to start the conversation, nobody really knows. But there are some initial concepts: it has to be anonymous, which is an element of privacy; and built around the idea of a certificate that will allow a user to "claim" its identity and not necessarily around a central authority. Again, this is far from clear and will link to the paper as soon as Microsoft publishes it.




Be the first to comment!

(In order to cut on SPAM, anyone can leave a comment, but only comments from Typekey users will be posted immediately. Others will have to wait for a moderator to approve the comment. Thanks for your patience. Typekey is free and it takes only one minute to register)

Please be respectful of others when participating to this thread. Insulting or self-promotional comments could be removed. Thank you.



Email a Friend
To:


Your email (no spam):


Message (optional):