RSA 2006 Keynote Bill Gates

2006 RSA Security Conference Keynote by Bill Gates, Chairman - Microsoft addressing todays network security, spam, phishing, network access control and intrusion prevention.

At this event, Mr. Gates said that the Internet has become such a critical infrastructure for productivity, for reliability, for privacy that the dreams we have can only be realized if we not only build secure approaches but make those easy to administer and make it so the users understand exactly what to expect. He went ahead and said that there needs to be a lot of invention and improvement from where we are today.

Mr. Gates made it very clear that Microsoft’s future goals rested with the Internet and Security. He outlined the importance of relying on the net for "medical records, tax records, buying and selling, scientific data, important communications, including national security." Gates even outlined the four main ingredients which are most important; "the trust ecosystem, an ability to engineer for security, simple approach so that the models are quite clear, and finally, fundamentally secure platforms where the capabilities really are designed in, in a way that you don't have to pay much attention to them."

There was also a demonstration on security at the Keynote address which showed off Microsoft's new 'password replacement' InfoCard system. This allowed the presenter access to a fake car rental site by simply choosing an identity from a list of names. Slated for launch and multiple platform support later this year, Microsoft's InfoCard system will allow users to carry their digital ID around much like a wallet, allowing access to computers and protected information areas on demand. Gates referred to current password systems as "the weak link." For more info on his speech, a link is provided in additional info section for full transcript.

Engineering for Security

Gates called on all companies to strive for excellence in security engineering at all stages of development to ensure more-secure product design. Engineers around the world must be consistently trained in secure design and coding practices. He encouraged the software community to change the engineering culture so security is no longer an afterthought, but a guiding principle from the very beginning of development. To provide a more secure ecosystem, Gates encouraged industry partners to publish and share best practices for developing more-secure code and, as an example, cited Microsoft’s implementation of the Security Development Lifecycle (SDL). The details of this formalized process have been made publicly available for developers, including its code-scanning tools such as PREfast and FxCop in Visual Studio® 2005.

Industry Call to Action

Gates appealed to the industry to come together to develop more-secure products with a common understanding of how software should behave and work together. He asked the industry to support a trust ecosystem that will allow people to embrace a digital lifestyle with more secure, accountable and reliable technology.

Gates highlighted the company’s commitment to building industry partnerships to promote security. A notable example is the SecureIT Alliance, formed by Microsoft in October 2005, which now has more than 70 members. The industry consortium’s goal is to enable independent software vendors and systems integrators to work more closely with Microsoft and each other to build and integrate security products for the Microsoft platform. The SecureIT Alliance has launched its official Web site, http://www.secureitalliance.com, which has been expanded to include an interactive developer forum for member partners. Microsoft is also a founding member of the Anti-Spyware Coalition, an organization comprising leading anti-spyware vendors, academic leaders and related advocacy groups who all share a commitment to ensuring that users maintain control over what is running on their computers.

“The world is adopting the vision of an interconnected global community at a rapid pace,” he said. “It is our responsibility as industry leaders to provide customers with the information and tools they need to live their personal and professional lives without fear of security or privacy breaches. Every computer user should have the right to go online securely, and we are committed to turning this vision into reality.”

Related Links

• Bill Gates: Microsoft's Security Vision and Strategy, RSA Conference 2006

Amit Vartak, 27 is working in wired and wireless security fields since last 3-4 years. His current area of interest includes IEEE 802.11 (Wi-Fi) suite of protocols, vulnerabilities in these protocols and countermeasure for those vulnerabilities. Working on cutting edge tools and technology always keeps him busy. He has contributed from concept level to final prototyping for the presentations in Defcon 2007 (The Emperor Has No Cloak - WEP Cloaking Exposed) and Toorcon 2007 (Caffe latte attack). He holds 2 patents with USPTO (current status: Patent Pending) and a few papers in IEEE journals on wireless protocol vulnerabilities. Prior to this, he was working on MEMS (Micro Electro Mechanical Systems) and has published a few papers in SPIE and ICMAT. (Yeah… kindda orthogonal fields… but technology really doesn’t limit the talent :) He did his masters in Electrical Engineering from one of the premier institutes in India, Indian Institute of Technology, Bombay (IIT-Bombay) and his under graduation, from University of Mumbai in Electronics and Telecommunication Engineering. He is currently working with AirTight Networks Inc. as a team lead in technology group since last 3 years.You can get in touch with him at amitcv[at]gmail[dot]com