Some people might dream of having the power to kill a product just before launch at a company the size of Microsoft, but for Scott Charney, that's just part of the job.
Charney, vice president of trustworthy computing, was hired by Microsoft in early 2002 to spearhead the company's security strategy. He built a team that looks for vulnerabilities in products during development and works to implement security into product design. If the team finds an issue, even if the product is just about to ship, Charney can order the product back to the drawing board until the problem is fixed.
Microsoft's implementation of its secure-development lifecycle process has led the industry, says Andrew Jaquith, an analyst at Yankee Group. "They have really been a pacesetter in this area," he says.
Still, Microsoft didn't create the initiative out of choice, Jaquith says. "It was born out of necessity because customers were threatening to defect," he says. Microsoft once had an internal list, called the executive hot list, made up of "customers so furious with security that they called [Bill] Gates or [CEO Steve] Ballmer personally", Jaquith says.
"In many respects, that caused the trustworthy computing initiative to be born."
Since Charney joined Microsoft, on five occasions vice presidents in charge of products have disagreed with his no-ship order, Charney says. Craig Mundie, chief research and strategy officer at Microsoft, was called to settle the disputes, and each time he sustained Charney's no-ship order.
Once, Charney reversed his no-ship order himself. That was after his team found out about an issue in Windows Mobile 2003 that should have been fixed before it shipped, he says. But then Pieter Knook, who was in charge of Microsoft's mobile communications business until he left the company this February, explained that delaying the product launch would mean missing the end-of-year holiday season — and that the issue could be fixed after the launch. Charney decided to let the operating system ship.
His team typically finds issues during development and makes sure the problems are fixed, he says.
"Every now and again we get surprised," he told reporters late last month. Sometimes a vulnerability is discovered in an older version of a product, and his team realises that a newer version in development might also have the same problem.
Microsoft hired Charney, who had worked for the US Department of Justice and served as assistant district attorney in the Bronx, at what he said was a unique time. The September 11 attacks had just happened, and two major computer viruses, Code Red and Nimda, had recently spread rapidly across the internet. That combination of events created a unique environment, when previously complacent vendors and governments realised they needed to get more serious about computer security, he says.
Since then, Microsoft's trustworthy computing initiative has been largely successful, although there are still a few sore spots, Jaquith says. Security researchers are impressed by the improvements in Microsoft's products and say that the company is being much more transparent about its security processes than it used to be, he says. Microsoft has also improved its response times to customer concerns about security, he says.
But there are some vulnerable aspects of Microsoft's software that the company hasn't fixed and doesn't appear to intend to fix, Jaquith says. For example, Microsoft has not addressed certain security issues in Internet Explorer's ActiveX, a major vector for malware, he says.
The next step in Charney's vision for trustworthy computing is securing the internet. He recently unveiled a new initiative that is, in essence, a call to arms for all internet companies to work together to create a more trusted internet.
In a white paper, he broadly describes Microsoft's vision and invites feedback on the ideas. Microsoft is asking "all who care about online safety to join in a robust and meaningful discussion about building a more trusted internet", Charney wrote in a statement about the initiative.