In the late 1990s and early 2000s, Microsoft"s software products didn"t have as good of a reputation as it enjoys today. That was especially true of its Windows operating systems, which were big targets for cyber criminals. One example was the "Code Red" virus in 2001 which infected over 200,000 Windows PCs in two weeks.
In January 2002, Microsoft co-founder Bill Gates issued a memo to all of the company"s employees. It offered up Gates" vision of what he called "Trustworthy Computing". Gates felt that Microsoft should work to make "computing that is as available, reliable and secure as electricity, water services and telephony."
That memo was the beginning of an effort by the company to release products that are as safe to use as possible. This week, Microsoft posted up a new and extensive feature about how it made a turnaround in developing safer software and services. The article, "Life in the Digital Crosshairs" contains some little known information about the early days of this effort to increase security in software.
One interesting tidbit is that in February 2002, one month after Gates" memo, the company decided to stop development of Windows briefly to focus its software developers on security. The article states:
Everyone was given training to outline expectations and priorities — threat modeling, code reviews, available tools, penetration testing — all designed to modify the default behavior of the system to make it more secure. Their room at the Microsoft Briefing Center was filled to its 950-person capacity twice a day for five days ...
This phase ended up lasting two months but Microsoft wasn"t over yet. In 2004 the company launched what it calls the Security Development Lifestyle (SDL), a new process of creating software that put security as a top priority. Other companies such as Cisco and Adobe have since used Microsoft"s SDL as a process to create their own software.
Source: Microsoft | Image via Microsoft