I am saddened to see the changes to the Trustworthy Computing group within Microsoft. I have dealt with them for many years, first within the UK Government as the Government CIO and now at Huawei. Scott Charney and the team (some of whom have, over time, gone to pastures new) have developed a world-class reputation for excellence in security.
They have been at the forefront of methodologies such as SDL, worked tirelessly to expand other technology vendors’ and users’ knowledge whilst at the same time dramatically improving the security quality of the Microsoft products.
I can see no real advantage to Microsoft changing this setup. I do not buy the “imbed within the product team” argument because that was already the process and model at Microsoft. What this change does is to take away the focal point for security and instead scatter responsibility. It says to me the new CEO has little or no interest in security. If that is the case then he can kiss goodbye to his cloud first strategy.
My advice: be brave, put it back together again; rather than destroy, reinvigorate the success story and continue to drive TwC to be a strong foundation on which Microsoft products and services are built.
Gobsmacked. Seems like an incredibly retrograde step. I can appreciate that an organization like Microsoft has a seriously complex challenge. But that is simply a cost of doing that sort of business. When it comes to software integrity, the whole is only as strong as its weakest link, or component. Enterprise quality assurance [and their customers' confidence] surely demands a properly integrated governance regime. A piecemeal approach looks like a recipe for disaster, sooner or later.
Posted by: Colin Beveridge | 23/09/2014 at 11:44 AM