Putting your executives in the public eye is a standard, and generally effective, PR technique. Some executives are more media-ready than others. I happened to hear one of the best executive media appearances I've come across in a long time while listening to a podcast of "Tech Tuesday" on the Kojo Nnamdi show from WAMU in Washington, DC.
The executive was Ben Fahti, who heads Microsoft's Security Technology Unit. Given the beating Microsoft has taken over the years, his position is a pretty critical one. His performance on the show was impressive. Some of the things he did right:
- He owned up to the company's past problems, talking frankly about how security was not part of their development process and the problems it caused.
- He didn't get dragged down into discussions of particular incidents and problems.
- He did present a coherent, articulate picture of how Microsoft is making security a fundamental part of their development process. He sounded like someone who knew his stuff and was making important changes that will benefit customers.
- When callers brought up very specific problems ("My PC is doing this and that..."), he couldn't answer the specifics... but asked for their contact information so he could get them help offline. A small thing but an impressive one.
- He didn't bash Apple.
News about security issues at Microsoft continues, of course. But Fahti left the impression that not only was the company making major strides, but that it's addressing the problem in a systemic way.
Contract that to what one hears from Apple about security. Apple executive appearances are designed to be a bit like a visitation from the turtlenecked gods, and the main message is "We're better, nyah nyah," complete with advertisements poking fun at Microsoft.
And while Apple has set the bar high for security, it's not as high as they'd have you believe; there are a steady stream of issues and patches. Moreover, their attitude inspires a sense of dread - if these guys have a problem will they even know it? Consider this eWeek article about the Month of Apple Bugs project:
Wil Shipley, the CEO of Delicious Monster Software, said he agreed that there is a greater good in reporting OS bugs. "First off, I'll say, as Apple does, that finding bugs in Mac OS X is really good for all of us—Apple, third-party developers, Mac users—and so, you know, bully for those guys," he said.
But Shipley said he also questions how the MOAB project is going about its goals.
"The only unsavory bit in all this is that originally, when I read about MOAB, it was positioned as a response to Apple being 'smug' about security, which is childish and inane," said Shipley.
"Apple has a right to be 'smug' about an area in which they are better then their competition, even if they are not totally perfect."
Wrong. Smug doesn't play well. Smug plays especially poorly when you're talking about security. And smugness keeps a company from seeming serious. Consider this Apple response:
A spokesperson for Apple said that "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users. We always welcome feedback on how to improve security on the Mac."
Microsoft's got an executive talking frankly about their problems and what they're doing on a local radio show. Apple's got a spokesperson giving a non-answer and TV ads with a gloating Mac guy laughing at a PC with the sniffles.
Apple may be very good at security, but the smug way they talk about it leaves the impression that they're simply not a serious company.
Smug's rarely effective.