17 Nov Microsoft, Once Infested With Security Flaws, Does an About-Face
Microsoft was once the epitome of everything wrong with security in technology. Its products were so infested with vulnerabilities that the company’s co-founder, Bill Gates, once ordered all of Microsoft’s engineers to stop writing new code for a month and focus on fixing the bugs in software they had already built.
But in recent years, Microsoft has cleaned up its act, even impressing security specialists like Mikko Hypponen, the chief research officer for F-Secure, a Finnish security company, who used to cringe at Microsoft’s practices.
“They’ve changed themselves from worst in class to the best in class,” Mr. Hypponen said. “The change is complete. They started taking security very seriously.”
Still, episodes of online hacking have become even more startling, including the theft of personal data from millions of Target customers and terabytes of private emails from Sony Pictures Entertainment — both companies use some Microsoft products. While Microsoft has not been blamed for the attacks, critics have insisted that the tech giant do even more to make digital systems resistant to breaches and snooping.
Microsoft’s chief executive, Satya Nadella, says he is listening. On Tuesday, he delivered a speech to government technology workers in Washington about the importance of security in the technology business and how Microsoft has evolved to confront security threats.
Mr. Nadella, in a phone interview, said his aim was to lay out how Microsoft products make it harder for hackers to compromise PCs, and how the company has eliminated the corporate divisions that separated security managers from each other to improve how threat information is shared.
“It’s kind of like going to the gym every day,” said Mr. Nadella, who himself runs about three miles a day. “You can’t say I’m serious about security without exercising the regimen of keeping security top of mind every second, every hour of the day.”