December 27, 2024

Microsoft Shutting Down Trustworthy Computing Unit

Posted on September 23, 2014 by in Security

As part of its reorganization efforts, Microsoft has decided to shut down its Trustworthy Computing (TwC) unit that has been focusing on improving customers’ trust in the company’s commercial products.

While TwC will no longer function as a standalone business unit, its general manager, John Lambert, noted on Twitter that they’re just moving to a new home and that “SDL [Security Development Lifecycle], operational security, pentest, MSRC [Microsoft Security Response Center], Bluehat are just under a new roof.”

Some members of the TwC team are among the 2,100 employees laid off by Microsoft last week. However, most of the team will join the company’s Cloud and Enterprise Division or the Legal and Corporate Affairs group.

“I will continue to lead the Trustworthy Computing team in our new home as part of the Cloud and Enterprise Division. Significantly, Trustworthy Computing will maintain our company-wide responsibility for centrally driven programs such as the Security Development Lifecycle (SDL) and Online Security Assurance (OSA),” Scott Charney, corporate vice president of Trustworthy Computing said in a blog post on Monday. “But this change will also allow us to embed ourselves more fully in the engineering division most responsible for the future of cloud and security, while increasing the impact of our critical work on privacy issues by integrating those functions directly into the appropriate engineering and legal policy organizations.”

“I was the architect of these changes. This is not about the company’s loss of focus or diminution of commitment. Rather, in my view, these changes are necessary if we are to advance the state of trust in computing,” Charney added.

Microsoft’s Trustworthy Computing initiative was announced back in 2002 by Bill Gates, who emphasized at the time the need for such a platform.

“Every week there are reports of newly discovered security problems in all kinds of software, from individual applications and services to Windows, Linux, Unix and other platforms. We have done a great job of having teams work around the clock to deliver security fixes for any problems that arise. Our responsiveness has been unmatched – but as an industry leader we can and must do better,” Gates said in a memo to employees.

Brad Hill, Web security technologist at eBay, explained in a post on Google+ the importance of TwC and its impact on the security landscape over the past years.

“That Trustworthy Computing diaspora today constitutes a big part of the core of the modern information security industry.  Veterans of TwC are security leaders in at Yahoo, Google, PayPal, Facebook, Adobe, VMWare and dozens of other companies,” Hill said. “From the hapless, hopeless position the industry found ourselves in a dozen years ago, we’re today starting to stand up credible defenses against nation-state level attackers. And while the heavyweight SDL processes of five years ago have been streamlined even at Microsoft, every security program today has some of the DNA of Trustworthy Computing in it and thinks about the job it exists to do in a different way because of it.”

 In addition to shutting down the Trustworthy Computing, Microsoft is closing down its research facility in Silicon Valley.

The organization plans on cutting a total of 18,000 jobs, representing 14% of its workforce. Roughly 12,500 of the job cuts are related to the recently acquired mobile device manufacturer Nokia.

 

Previous Columns by Eduard Kovacs:


SecurityWeek RSS Feed