Microsoft Tries to Clean Its Code

Microsoft is expanding its security business unit with a group that will establish new software development processes and create tools for its programmers so that future Microsoft products will have fewer security flaws, a Microsoft executive said.

The new Security Engineering Strategy team will look at security across all Microsoft product lines, with the ultimate goal being that customers will take security for granted in Microsoft products, Steve Lipner, the recently named director of Security Engineering Strategy at Microsoft, said in an interview on Wednesday.

"My position really is recognition of the fact that there are a lot of security aspects to building and shipping software products at Microsoft and we need to do a more coherent job of looking forward across all the products we ship, trying to address security holes before they are discovered outside of Microsoft," Lipner said.

"What we're focusing on is improving our processes for building code that is as good and particularly as secure as we can possibly make it," he said.

Security Strategy

Lipner previously headed Microsoft's Security Response Center (MSRC), the part of Microsoft that handles security vulnerabilities in products after they have been shipped. Lipner also drove the code-cleaning initiative last year which saw Microsoft take a break from writing code to examine its work for security flaws.

The Security Engineering Strategy team will be small, with about 10 security experts who will be recruited from within as well as outside Microsoft, Lipner said. "We will try to get the best people so we can to do a great job on security for our customers," he said.

Microsoft, which has faced hefty criticism when it comes to the security and stability of its products, created a business unit focused on security just over a year ago. The unit has been growing steadily since, Lipner said.

"Trustworthy Computing and security are key elements of success for the IT industry going forward," he said. Trustworthy Computing is the Microsoft-wide initiative to focus on security launched by Microsoft Chairman and Chief Software Architect Bill Gates in January last year.