We are six years into Trustworthy Computing (TwC). When we launched it, we said a number of things:
- "It is a 10-year vision". Well, that's something we have had to update. As long as there are criminals out there using the Internet to steal, Trustworthy Computing will be around.
- "It is an industry initiative" – well, when I did my first keynote on TwC in 2002 (I am getting old J) and I said this (just after Nimda, Code Red and Slammer) people laughed at me and said that we better fix the problem within Microsoft. To an extent they had a point, and we've come a long way since then though we know there is still much to do. But today few would disagree that security and cybercrime is anything less than an industry challenge that we all have a responsibility to address.
- • The nature of the security threat has evolved, as has the industry's and our own approach. Notoriety used to be the name of the game, now it's often nothing more than a base desire to steal. Threats have become more stealthy and targeted, and criminals are as likely to target vulnerabilities in human nature as they are in software.
So the big question is "where next?" – not only for Microsoft but for the industry as a whole. This is exactly the question we would like to address: What is next? Where shall the industry move?
If you are interested in these themes, I would like you to watch out for two things:
- Craig Mundie's keynote at RSA next Monday on Enabling End-To-End Trust
- An additional post here during next week