Gates Issues Call to Action for Security

In his keynote address at the RSA Conference in San Jose Tuesday, Bill Gates outlined his vision for ensuring security on PCs and the growing number of connected devices. The Microsoft chairman also issued a call to action, saying the industry needs to support a "trust ecosystem."

Trust, said Gates, will be the foundation on which future security infrastructure is built. The idea is to establish relationships between people and businesses when it comes to PCs, similar to those that exist in the physical world. For example, Windows Vista will require low-level code to be signed and comply with strict policies.

Another effort being undertaken by Microsoft is a new technology called "InfoCard" for managing identities and sharing personal information. InfoCard will largely replace Passport in the future and do away with password-based security authentication systems.

Gates said that the InfoCard technology will provide a unified place for personal data and payment information, much like a digital wallet. Web sites can create and request separate InfoCards, each containing different sets of data that remain individually secure.

InfoCard fits into what Gates called the new "Identity Metasystem," in which disparate authentication methods will work together under unified framework. The concept is much like those being pushed by the Liberty Alliance, OASIS, and now VeriSign and OATH.

"Our vision for security is to create a world where there is greater trust — where people and organizations can use a range of devices to be more reliably and securely connected to the information, services and people that matter most to them," Gates said.

To this end, Microsoft is pushing companies in the industry to work together in establishing best practices for developing more-secure code. The company recently created its own such protocol called the Security Development Lifecycle (SDL) and has created the Secure IT Alliance.

Gates added that businesses need to adopt this trust ecosystem in order to ensure end-users remain safe. "It is our responsibility as industry leaders to provide customers with the information and tools they need to live their personal and professional lives without fear of security or privacy breaches," he said.

"Every computer user should have the right to go online securely, and we are committed to turning this vision into reality."