Microsoft doesn't do security, and although the company has publicized Windows Vista as the most secure Windows platform to date, the operating system is in fact the first product of the culture change business over in Redmond. This is the perspective of a 17-year Microsoft veteran. David Ladd, Senior Security Program Manager on the Security Engineering Strategy Team offered a unique perspective over Microsoft's Security Development Lifecycle as a culture change business.

The Security Development Lifecycle is nothing more than a framework of processes and technologies, and in this sense, it is innovative because nobody before Microsoft has managed to focus and centralize security methodologies into a comprehensive architecture.

"Microsoft has two things going for it in this regard; strong executive support and the unfortunate experience gained by living through "tectonic" security events - which have snapped trustworthiness issues into razor-sharp focus and continue to provide motivation by the truckload. This clarity of thought at the executive level has allowed us to create, implement, and refine the SDL - providing resources and support at critical junctures has proven to be absolutely vital in driving culture change at Microsoft," Ladd explained.

Microsoft is in fact building trustworthiness. Windows Vista is a great result and one of the great first steps. The Redmond Company needs to educate consumers in relation to its focus on security, because the Microsoft brand has drifted apart from the concept of user protection over the years. Microsoft's war is on the front of security, but it is also on the minds of the users.

"Have we won the culture war? Absolutely not. Microsoft is constantly evolving; people come and go and the lessons of the past must be taught to future generations. Bottom line: our executives understand that we are in this for the long haul and that by addressing trustworthiness on a continuing basis, we will see tangible gains in both product quality and customer satisfaction," Ladd added.