Code It Right The First Time Is Microsoft's New Mantra

Microsoft chairman Bill Gates admits that today, people don't trust software--his, or anyone else's--enough to fulfill his vision for how completely companies will come to rely on digital transactions and information sharing. His goal is for people to trust computing as much as electric, gas, and phone systems--they might not be 100% reliable, but at least everyone's surprised when a utility fails. "Computing will only achieve its potential if our systems, both in reality and perception, have that level of capability," he says.

Microsoft has a way to go to meet that standard in most customers' eyes. Gates' January "trustworthy computing" memo to employees made delivering reliable, secure software Microsoft's top priority. But according to a new InformationWeek Research Web survey of 800 business-technology professionals responsible for applications, development, or IT management, users rate Microsoft last on satisfaction with the quality of its products. Less than one-fifth of respondents say they're extremely satisfied with Microsoft products; more than a fifth aren't at all satisfied.

That's especially bad news for the vendor because quality and security are inextricably linked, experts say. "Most security problems are caused by known defects in code," says Watts Humphrey, a fellow at the Software Engineering Institute, a quality watchdog at Carnegie Mellon University in Pittsburgh.

Microsoft knows the quality of its products has been a problem for customers. Over the winter, the company halted development of new features for its Visual Studio.Net and upcoming Windows.Net products to train engineers and managers on threats by hackers. Now, developers are more responsible for the input their programs accept, and feature specs incorporate "threat models" and safeguards against attacks. Microsoft is building into Windows more facilities to automatically update users and system administrators about patches to the software. And Windows.Net, due later this year, includes a version of the Internet Information Services Web server that's turned off by default, a switch that could close security holes in users' networks.

"These are all balancing acts between performance and reliability, performance and availability, performance and survivability," says Craig Mundie, Microsoft's chief technical officer.

To be fair, it's partly the ubiquity of Microsoft's products that makes them such a target for hackers. A lot of the quality problems associated with the desktop software that survey respondents say carries the most bugs--desktop operating systems, spreadsheets, word processors, E-mail, and software development tools--are injected by third-party developers who write apps and hardware drivers for Windows systems. Windows XP includes a function (which users may turn off) that reports problems back to Microsoft, so the company can find the source of the problem and let third-party developers know if the error was their fault. Gates says about 70% of XP customers use the automatic reporting function, which will help speed quality improvements.

But Microsoft also recognizes it needs to stop building and selling products based on new features, and start emphasizing their trustworthiness. "These are the new features," Gates says. "For a lot of customers, if you ask them to rank why they like XP right now, additional reliability, I bet you, will rise to the top of the list."