In a keynote at the RSA conference last year, Microsoft Chairman Bill Gates and Craig Mundie, chief research and strategy officer, said the company had more to do to improve security.
A year later, not much has changed.
Mundie and Chris Leach, chief information security officer at Affiliated Computer Services, followed talking points about Microsoft's latest vision for End to End Trust, describing it as an industry call to action.
"The foundation has been laid for good security practices," Mundie said. "The challenge now is related to management practices."
It's all about establishing that you are who you say you are.
"We need new forms of credential," Mundie said. "You should be able to present a cert (certificate) that says, 'Hey, I'm over the age of 18'...and allow a Web site to know that you are an adult."
Mundie was laying out the parameters for Microsoft's vision for security so that the interested parties would build around the company's framework.
As if on cue, he said: "The overall management systems today are not integrated enough, they're too complicated. That has been a major focus for Microsoft." And he mentioned some Microsoft products that solve those problems.
I showed Bruce Schneier, chief security technology officer for BT, the End to End Trust documents, and he said, "it feels general and like marketing hype." The notion that the world needs centralized authentication "is just silly," he added.
Basically, Microsoft has used its trusted computing efforts, such as inserting identity rights management into Office 2003, to lock people into using its products, Schneier said.
"Microsoft has used this as an anti-competitive tool," he said.
In a briefing on Monday, George Stathakopoulos, general manager of Microsoft's Trustworthy Computing group, was mentally prepared for the criticism.
"With everything we do, there is always skepticism and conspiracy theories," he said. "The answer is no; this is for real."