End-to-End Trust -- The next big thing or fiddling while Rome burns?
At RSA, Microsoft (with great fanfare) introduced the notion of "end-to-end trust," set out in a White Paper by Scott Charney, VP Trustworthy Computing, and featured in Craig Mundie's keynote, shown here in dialog with Chris Leach, Affiliated Computer Services' CISO. The paper and the topic are thoughtful and meaningful, but the tenor of the paper is very academic and not at all prescriptive. My MS friends explained that there is still a good deal of remembered pain from Hailstorm, Microsoft's web authentication effort from some years ago, which was too prescriptive. Trying to resolve this tension, I went around and polled some wise men in security on whether they thought we were winning the war (making the Internet safer), and sadly, few feel very optimistic. In the past, Microsoft has been a real industry leader in trying to drive collective change. Maybe it's just that Mundie isn't very comfortable wearing the shoes he inherited from Gates. With no blame meant toward Microsoft (they're still out in front of the pack in leadership), it sort of feels like the bad old days of Spam "control" -- Fiddling while Rome burns. I wonder if the bad guys buy analyst services.
