Remember the early days of Trustworthy Computing? 2002 I started to give keynotes about TwC – as we call it – and told the “world” about what we think should be done in the industry in order to regain trust. I usually compared it with the power network: You are expecting that it works, that the power grid survives it when you plug a lamp in and that the lamp survives this as well. This comes from experience as you have done it thousands of times before – and it worked.
So, we started TwC and started to clean our own house. I assume you know a lot of the stories about us stopping development for three months to do security trainings and code reviews, implementing the Security Development Lifecycle, …. and finally saying that TwC is an IT industry challenge.
The reason, why I am writing this is a study I read about today: Data Breaches Break Consumer Trust. Guess what: The attacks are moving up the stack. We are not anymore in the center of the attention as it is not too easy to attack Windows anymore – it is much easier to attack the applications and the user.
TwC is an industry initiative and everybody has to play a role in it.