GatesSpeak by the bucket load
Posted by Daeron on February 26th, 2004


Remarks by Bill Gates, Chairman and Chief Software Architect,
Microsoft Corporation
RSA Conference 2004
San Francisco, Calif. Feb 24 2004

"Microsoft was founded with a vision that software could do some
amazing things"

"I'm going to give you an update. It's not something that's a
completed work, because not only Microsoft but everybody in this
industry has a lot we need to do before we get to the point where this
is not what stands at the top of the list of what would hold us back"

"We have people who are connecting machines to all these wireless
networks, and the wireless network is trying to be made secure, even
though they're not controlled by a central IT department"

"it's very hard for people to plan for. Knowing exactly what has to be
done, that's been far too difficult"

"I'm very optimistic about this, even though there are many years of
work ahead of us"

"there is a lot of work done on security by experts who are totally
benign"

"the maturity that we're getting in terms of the systems, the updates,
the methodologies, these are exactly what we need to take care of
these other threat models"

"And so it's the dollar loss that comes in -- that gain level or the
national interest piece -- that we can get to by making sure that none
of these types of people can get in and attack these systems. And so
the learning curve is being driven forward very rapidly by the visible
portion of this activity"

"Now, our approach, of course, has two main buckets: the work we're
doing at the technical level, both on our own and around industry
standards, and then the work we're doing in terms of education and
awareness and working with governmental entities"

"A lot of the dollars are going into those technical buckets. Those
technical buckets are very important, and I'm very optimistic about
them"

"but we'll never get away from the need to have both of these pillars,
to be working with customers, setting up Web sites, setting up
auditing tools that can make things easy for them, and raising the
level of awareness of these issues so that somebody can go through
exactly the steps to secure their systems."

"There are a lot of architectural principles. We talk about
SD-cubed-plus-C; that's secure by design, that's security-aware
features"

"Clearly, there's more to do, but that is one of the metrics that
shows us that we're definitely on the right track"

"the tactics we go through to make sure that all of those things come
together for those systems vary according to the audience"

"If somebody is sending around a mail thing and they're clicking on
executable files"

"The idea that you can look at that machine before it comes onto the
network, see if it's up to date"

"As soon as we got good enough to handle that in an auditable, totally
predictable way, people saw this as the software that would solve that
problem"

"we'll get even the corporate applications to get out there and not
require any privilege escalation to either install that application or
use that application"

"An area of particular innovation is this idea of scanning source code
and finding areas that might be security vulnerabilities, things like
checking the size of the buffer, checking the size of an on-stack data
structure"

"Things come in across the network, using open ports that are there
for benign reasons"

"There are attacks through e-mail attachments and Web downloads"

"I want to talk about spam. Spam is both a nuisance"

"So we're putting out, as an industry proposal this week what we call
caller ID for e-mail. And it's a very specific technical proposal
about how you can make sure that the domain is authentic. We've
actually taken *our* we have some *patents* around this, we're saying
are *royalty* *free*, available for everyone to use, the ones that
relate to the fundamentals of this, and so we're talking with other
ISPs and mail providers, and we believe that by this summer, with the
*right* *agreements*, we can put this in place"

"When I meet with developers, one of the key messages is the
opportunity created by the Web services standard. You've probably seen
the momentum building behind these, the acceptance of XML as the rich
data standard"

"what WS Security does is it creates a protocol-based approach that's
not subject to spoofing or replay attacks"

"Windows is certified at what's called EAL level 4, and of all the
popular operating systems, that is the highest level of
certification."

"hardware level things to verify that the operating system you're
running, that nobody's tampered with that"

"making sure that, at the OS level, secrets can be maintained"

"Anyway, the recent advance is that the offline scenario was one that
required innovation on both sides, us working with RSA to understand,
okay, how do you get the information onto the machine so that it still
can be used but used in a secure way when the network is not there and
available"

"Microsoft Research has done so many different things in the security
area I had to pick which one I thought would be very interesting, and
what I picked is a really neat piece of work called the Tamper
Resistant ID Card"

http://www.microsoft.com/billgates/s...4/02-24rsa.asp

