Microsoft reorgs its Trustworthy Computing group; cuts some staff

The fallout from Microsoft's latest round of layoffs is continuing, with a reorg and job cuts affecting the company's Trustworthy Computing group.
Written by Mary Jo Foley, Senior Contributing Editor

The fallout from round two of Microsoft's layoffs of 18,000 total employees continues.

On September 18, Microsoft officials acknowledged they would be cutting 2,100 jobs this week, as well as closing the Microsoft Research Silicon Valley lab.

As part of the latest round of layoffs, Microsoft also is cutting an undisclosed number of employees working in its Trustworthy Computing (TwC) Group, a spokesperson said, and will be splitting the remaining TwC team between the Cloud & Enterprise and Legal and Corporate Affairs groups. The engineering team members are going to Cloud & Enterprise, and the policy side of the TwC house is going to Legal and Corporate Affairs.

The spokesperson declined to say how many employees were on the TwC team before yesterday's cuts.

John Lambert, General Manager of Network Security and Science in TwC, tweeted to some followers that TwC was "just moving to a new home," and that SDL (security development lifecycle), operational security, pentest, MSRC (Microsoft Security Response Center) and Bluehat are "just under a new roof."


Microsoft launched the TwC team in 2002. (Here's the January 15, 2002 e-mail that Microsoft founder Bill Gates sent to all employees announcing the company's new focus on trustworthy computing.)

TwC has been involved in crafting Microsoft's cybersecurity, privacy and development lifecycle policies. It also is the part of the company that oversees Microsoft's Patch Tuesday updates.

There's been growing unrest among many IT professionals regarding the seemingly increasing number of faulty Patch Tuesday patches — both security and non-security ones — that are making their way out to customers. Just a couple of days before Microsoft's announcement regarding the layoffs of some of the TwC staff, I asked for a comment about what TwC was going to do to improve the failure rates for its patches.

I didn't get much of an answer. A spokesperson sent the following response:

“The quality of updates is critical to our customers, and it is a high priority for us too. We are always looking at where improvements can be made with the goal of reducing implementation issues, and we will remain transparent with our customers about update issue resolution, security threats, and protections.”

Microsoft is believed to be working on revisions to the Windows software patching and update cycle as part of its work on Windows Threshold, the next version of Windows due in the spring of 2015. Recently, according to my sources, the antivirus team inside Microsoft moved from Cloud & Enterprise to Microsoft's Operating Systems Group. Microsoft officials have declined to say why that move was made or how that will play into what's coming, update-wise, with Threshold. 

Editorial standards