The next step in Microsoft's Trustworthy Computing initiative is the release of a security roadmap in 2004 for customers deploying and integrating a broad range of products across their organisations, the company's chief security strategist Scott Charney revealed this week.
Speaking at Microsoft's TechEd Conference in Brisbane and building on the software giant's Trustworthy Computing initiative launched last year, Charney said that while most exploits are the result of misconfiguration, Microsoft has a responsibility to provide a roadmap categorising the security features that overlay all products to help customers with deployment.
Admitting it is a mammoth task and the roadmap isn't likely before 2004, he said customers want information on security management features made available to help them deploy products, particularly mobile technology, and want it to integrate with routers and firewalls provided by other vendors.
Charney said the task means compiling and then cataloguing security information on all Microsoft products, thereby supporting its efforts to deliver more secure products and to "change our track record".
"The biggest contributor to our bad reputation is patch management. I hear it all the time and am determined to address the problem, but in my lifetime patches will remain unwieldy," he said, adding that the company has released a whitepaper on its Web site to assist customers with patch management.
Not surprisingly, Charney suggested the best solution to ensuring products are secure is to upgrade, referring to the company's new locked-down product releases developed under the Trustworthy Computing banner such as Windows Server 2003.
He said that, in the past, the software industry released products that didn't have security features, adding that a 1965 Mustang did not have the safety features available in motor vehicles today.
Commenting on the increasing prevalence of cybercrime, Charney said that in the US more than 80 per cent of homicide cases are prosecuted, while hacking has a clearance rate of less than 5 per cent.
"When tackling a crime you need to know who is committing the offence and why, but the Internet doesn't know this, which is why government and private sector organisations have to protect against all attacks whether it's criminal or information warfare," he said.
During his visit to Australia, Charney will meet with customers, the Australian Federal Police (AFP) and the Attorney General's office.