It's a good week for pigeons, which are coming home to roost with more alacrity than students with dirty washing at Christmas. Not only is Enron's spectacular collapse revealing what we've known all along -- that corporate accounting, regulation and responsibility have gone very rotten in these laissez-faire post-Reagan years -- but Microsoft has woken up and smelled the buffer overflowing. In a memo that will make the history books, Bill Gates has said that without trustworthy products, nothing Microsoft does will be worth a bean. And that Microsoft does not have trustworthy products.
Remarkable. I wasn't alone in saying this years ago, but it's still hard not to punch the air with a degree of told-you-so. This shaft of enlightenment might be in some degree due to increasing momentum in the US for the idea that companies which produce faulty software should be held responsible for the results -- hardly a revolutionary thought -- or it might be because people are so enormously fed up with having to clean up Microsoft's mess for them that even Gates has heard the rumblings from his marketing and sales people.
But saying it and doing it are two different things, even for Microsoft. Yes, they turned on a sixpence when they discovered that the Internet was indeed bigger than them, but security? That only comes from having a culture where security comes first, where every aspect of a product is designed within a framework of testable precepts by people who think defensively yet creatively about what can go wrong, and what happens when it does. You cannot bolt it on. You cannot take old stuff and munge it to be secure -- but Microsoft lives by the bolt-on kludge.
It may be too late.