Some people might dream of having the power to kill a product just before launch at a company the size of Microsoft, but for Scott Charney, that's just part of the job.

Charney, vice president of trustworthy computing, was hired by Microsoft in early 2002 to spearhead the company's security strategy. He built a team that looks for vulnerabilities in products during development and works to implement security into product design. If the team finds an issue, even if the product is just about to ship, Charney can order the product back to the drawing board until the problem is fixed.

Microsoft's implementation of its secure-development lifecycle process has led the industry, said Andrew Jaquith, an analyst at Yankee Group. "They have really been a pacesetter in this area," he said.

Still, Microsoft didn't create the initiative out of choice, Jaquith said. "It was born out of necessity because customers were threatening to defect," he said. Microsoft once had an internal list, called the executive hot list, made up of "customers so furious with security that they called [Bill] Gates or [CEO Steve] Ballmer personally," Jaquith said. "In many respects, that caused the trustworthy computing initiative to be born." Microsoft's public-relations firm said that the company would not comment on the matter.

Since Charney joined Microsoft, on five occasions vice presidents in charge of products have disagreed with his no-ship order, Charney said recently to a group of reporters at Microsoft's headquarters in Redmond, Washington. Craig Mundie, chief research and strategy officer at Microsoft, was called to settle the disputes, and each time he sustained Charney's no-ship order.

Once, Charney reversed his no-ship order himself. That was after his team found out about an issue in Windows Mobile 2003 that should have been fixed before it shipped, he said. But then Pieter Knook, who was in charge of Microsoft's mobile communications business until he left the company this February, explained that delaying the product launch would mean missing the end-of-year holiday season -- and that the issue could be fixed after the launch. Charney decided to let the operating system ship.

His team typically finds issues during development and makes sure the problems are fixed, he said.

"Every now and again we get surprised," he said. Sometimes a vulnerability is discovered in an older version of a product, and his team realizes that a newer version in development might also have the same problem.

Microsoft hired Charney, who had worked for the U.S. Department of Justice and served as assistant district attorney in the Bronx, at what he said was a unique time. The Sept. 11 attacks had just happened, and two major computer viruses, Code Red and Nimba, had recently spread rapidly across the Internet. That combination of events created a unique environment, when previously complacent vendors and governments realized they needed to get more serious about computer security, he said.