The US Government may have snubbed Microsoft by not even mentioning the software giant in its draft cyber security plan but in Australia the company is scheduled for high-level briefings with the Federal Government next month on how to protect the nation's IT infrastructure.
Spearheading Microsoft's Trustworthy Computing initiative in Australia, Calum Russell has confirmed security briefings will be held with the Australian Government. However, he was unwilling to disclose attendance details, but added discussions are at the 'highest levels'.
Russell said the fact Microsoft wasn't mentioned at all during a 90-minute presentation of the US National Strategy to Secure Cyberspace this week was "strange", especially since White House cyber security advisor Richard Clarke has made it clear the Government cannot act alone, but needs private sector support to defend critical infrastructure.
"Windows is a dominant force on corporate desktops so we should be involved; we should be a player in any plans," Clarke said.
As the biggest software company in the world, Russell said Microsoft certainly has a role to play, which has been acknowledged here in Australia where the software giant has had ongoing discussions with the Federal Government over the past six months.
He said only last week Microsoft released a discussion paper on 'making software more secure' which has been handed to the Federal Government with plans to liaise with Government IT departments on how to secure their systems.
Admitting Microsoft has traditionally focused on functionality rather than security when it came to product releases, Russell said this is rapidly changing since the introduction of its Trustworthy Computing initiative earlier this year with local agencies such as the Australian Taxation Office (ATO) building security on Microsoft technology.
"Previously we discussed operational security matters with government agencies but this has moved to a higher level in recent months," he said.
Topics for discussion with the Government include the process of reporting vulnerabilities to vendors and determining what is sufficient time to release a patch.
Russell rejected suggestions the Government should make Microsoft more accountable through regulation by holding the company liable for 'buggy' software.
"I don't believe our products are more vulnerable; we get targetted more by hackers and they move faster than software developers," he said.
"There is no excuse and we are taking a tougher stance on this front, but we also need cooperation from other vendors, because most [organisations] use several operating systems."
Russell said Microsoft's commitment to developing more secure products is evident in the two months of intensive training undertaken by all of its developers earlier this year, adding that this time-out has actually delayed product releases.
"Previously, functionality was based on an opt-out system, now it is opt-in which may be tedious for system administrators, but necessary," he said.
In the past six weeks Microsoft has also released a Software Update Service (SUS) to provide synchronised updates for companies.