Dan Gillmor: “Robert Scoble is a good guy, and he's good for Microsoft. But there's some kool-aid seeping out of this piece.” and “The monopoly is safe for now. Customers are not, and the world's wealthiest and most powerful monopoly should care more.”
Dan: all of our executives are now compensated based on how many and how happy our customers are. Translation: they don't get raises or bonuses unless we have BOTH 1) Happy customers and 2) A lot of customers. Right now our customers aren't happy. Our execs aren't happy. We're motivated to fix this security problem (and enabled — you should have seen the recent internal security fest).
Yes, Dan's right. A corporation's #1 job is profits. Our investors (read millions of people who own stock in us) demand that we show more and more profitability.
The question we're always asking ourselves is “what should we do now to increase profits?”
Security wasn't always important to investors (er, the average person that invested in Microsoft stock didn't care). Now they care a lot — and the fact that Dan and other journalists are writing tons of articles about security underscores that fact. So, you're already witnessing a huge corporate shift. Microsoft, last year, took a month off and reviewed every single line of code. Obviously that wasn't enough.
So, Dan's right. We should care more. Our investors demand it. Our customers demand it. We took a month off coding last year. Maybe we should listen to Dan and take a year off and worry about security issues even more. I'm not an executive, though, and I'll let them decide that priority. I can tell you that on my team we argue about the security and trustworthy aspects of nearly every new feature we design into our project. It's a BIG deal for average rank and file employees (we hate having to read articles like the one Dan wrote this morning).
The problem is, at some point you'd have to ship new products. Our investors demand that too (new products are where new revenues come from). And, then, you'd be shipping new code with potential new vulnerabilities. Any code that does something interesting is a potential security problem. Think about that for a minute.
For instance, Microsoft just shipped OneNote. It doesn't have an API. Why? Because of security issues. But, it really limits the functionality of the app. I'd love to have Radio UserLand talk to OneNote, so I could use OneNote for blogging. I can't do that today because of security concerns.
Also, anything I do on Microsoft's defense is gonna sound like “drinking the Koolaid.” Heh, you should hear the heck that I get from Microsoft's employees (one guy called me “Microsoft's cheerleader).” That doesn't take away from the fact that we're working hard on a whole raft of new security initiatives. Let's get together in a year and see if we've lived up to Gillmor's demands. [The Scobleizer Weblog]