Microsoft Corp. Chairman Bill Gates sent an e-mail to some Microsoft customers Friday updating them on the company's Trustworthy Computing initiative and reminding them that they too have a significant role to play in securing their computer systems.
Gates announced the Trustworthy Computing initiative in January in a memo to Microsoft employees that was also released to the media. In that memo, Gates said that despite all the features added to Microsoft's products over the years, none of them were important if the products were not also secure.
"So now, when we face a choice between adding features and resolving security issues, we need to choose security," he wrote at the time.
To that end, Microsoft engineers were directed to spend the month of February reviewing Windows source code for security holes and fixing them.
In Friday's e-mail, Gates said that work took twice as long as expected, and would be extended to Microsoft Office and Visual Studio .Net in the future.
Broadening such efforts is likely needed as Microsoft has issued patches for numerous security vulnerabilities in other products besides Windows since February. In the last three months, the company has patched flaws in it SQL Server, Internet Explorer Web browser, Exchange e-mail server, debugging program and instant messaging clients.
In Friday's email Gates also touted the security assessment tools, such as Baseline Security Analyzer and Software Service Update, that Microsoft has released since January.
Microsoft customers will also have to be active participants in achieving better security, Gates wrote.
To do this, customers should use the bug-reporting features built into Office XP and Windows XP, use Windows Update to keep up to date with security patches, and use the company's security assessment tools, he wrote.
"Microsoft is fully committed to (Trustworthy Computing), but it is not something we can do alone," Gates wrote. "It requires the leadership of many others in our industry and a commitment by customers to establish and maintain a secure and reliable computing environment."