When Microsoft is faced with a challenge as serious as security, it fights back with a vengeance. Over the past year the company has gone through many changes, ranging from reorganizations to company acquisitions. These changes were implemented to better focus on becoming an agile security threat response organization. Six areas are of particular note:
Fundamentals -- Microsoft’s Security Development Lifecycle (SDL), an approach to the entire software development process that incorporates security holistically and comprehensively. A major reorganization occurred last summer, in which all security developers were aligned with, and now report directly to, the product groups. So what are some of the results? Vulnerabilities in Microsoft Windows Server 2003 were reduced from 84 to 49 compared to the previous version; a new wave of shipping products was developed under the SDL process, including Visual Studio 2005, SQL Server 2005, and BizTalk Server 2006 Beta 2. Lastly, the Software Update Validation program provides rigorous testing of updates before they are released.
Threat and Vulnerability Mitigation -- The acquisition of Sybari Software for enhanced protection against malicious software for enterprise customers. Announcement of Microsoft Client Protection, which will combine strong anti-Spyware tools, comprehensive virus protection and centralized management capabilities for laptops, desktops and servers in business systems. Acquisition of FrontBridge Technologies to enhance management and security capabilities for enterprise e-mail environments. Windows OneCare Live, a subscription service that takes much of the work out of online protection, by automatically helping guard against spyware, phishing attacks and other threats.
Identity and Access Control -- A way to dictate what resources users can access, and to ensure that personal and corporate information is protected throughout its lifetime, wherever it resides. Acquired Alacris, a leading provider of strong authentication solutions for digital certificates and smart card applications.
Prescriptive Guidance -- Intensive training for third-party developers on secure coding practices and the SDL at the annual Microsoft Professional Developers Conference. New online security curriculum called Learning Paths for Security, organized around four key learning paths: Threats & Vulnerabilities; Identity & Access Control; Regulatory Compliance; and System Integrity. Security360, a monthly webcast series focused on security topics that includes commentary and guidance from security industry experts inside and outside of Microsoft.
Industry Partnership Progress -- Creation of the SecureIT Alliance, a group of security partners that are working together to develop innovative security solutions for the Microsoft platform for the benefit of common customers. Founding member of the AntiSpyware Coalition; participated in Black Hat briefings and hosted two Blue Hat events. And working with government: at the Congressional Internet Caucus, the company detailed support for a “comprehensive” legislative approach to data privacy at the federal level that would provide meaningful protections for individuals, focus on preventing actual harm, and set clear guidelines for businesses while still allowing commerce to flourish.
A Look Ahead into 2006 -- The Windows Vista platform will see security improvements in everything from user account control and better support for smartcards to enhanced firewall protection and improved security and privacy capabilities in Microsoft Internet Explorer 7.0. Additionally, BitLocker Drive Encryption is a hardware-based feature that addresses the growing concern over corporate and customer data on lost or stolen machines.
For more details on this blog's source and RSS subscription feeds, click on this tab.
Cheers, Don.