17 January 2002 Only weeks after further flaws were exposed in its new Windows XP operating system, software giant Microsoft has elevated security to the top of the company’s development agenda.

In an email distributed within the company on 15 January, Microsoft’s co-founder and chief software architect Bill Gates said that Microsoft would focus on adding secure features to its products at the expense of other enhancements.

“When we face a choice between adding features and resolving security issues, we need to choose security,” he wrote. “Our products should emphasise security right out of the box.”

Labelling the move “Trustworthy Computing”, Gates emphasised how much of the US infrastructure depended on systems software, and ensuring the security of that infrastructure demanded the “highest priority”.

Gates’ statement coincided with the publication of a draft report by the influential US National Academy of Sciences that suggested that the government may have to introduce legal sanctions against software suppliers that failed to ensure their products were adequately secure.

The report, commissioned after the 11 September terrorist attacks on New York and Washington, concludes that certain system designs are wide open to attack from hackers, virus writers and other malicious elements. It suggests that the only way to force software companies to improve the security of their products may be to “increase [their] exposure to liability for system breaches”.