It’s no surprise that I’m a big fan of Microsoft’s Trustworthy Computing Initiative, something I was skeptical of when it was first announced. MS proved me wrong, and years later we’ve seen a very positive impact. Vulnerabilities are down, response times are up, and products ship in more secure configurations. Yes, they still screw up every now and then, but it’s overall been a huge improvement. Just because I don’t like to use Vista doesn’t mean I don’t appreciate all the security work that went into it, and let’s not forget all the benefits across the rest of the product line. Go count SQL Server 2005 vulnerabilities if you want any proof. You’ll only need one hand, and you’ll have 4 fingers left over (5, if you really look where the vuln came from).

If MS buys Yahoo! and implements TCI, the impact could be enormous. Google isn’t doing a very good job of managing security issues, and if these things hit a certain point they could affect user behavior.

Realistically it will take 3-5 years for the full implications of TCI to affect any product line, but we’ll see incremental improvements fairly quickly. Yahoo!’s security track record isn’t all that bad to start with, and I much prefer their privacy policy over Google’s.

Should Microsoft! use security for competitive advantage (and it work), we can expect Google to respond fairly quickly. They aren’t stupid, and if security affects business they will get on the ball immediately.

None of this, of course, will come to pass if market forces don’t place a priority on security. It doesn’t even need to be a top priority, just somewhere moderately high on the list. There could also be peripheral benefits to a major Web 2.0 company building the tools, techniques, and education for secure coding.

My guess? Nothing earth-shattering, but if the deal goes through there will be a net security benefit substantial enough that we’ll all be referring back to it in our blog posts in 5 years.

