Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

July, 2013

  • The Impact of Security Science in Protecting Customers

    Today Trustworthy Computing released new research that examines the long-term impact of security mitigations that Microsoft has implemented to address software vulnerabilities. This analysis is based on a study of security vulnerabilities that have been addressed through Microsoft security updates over a seven-year period (2006 – 2012) and are known to have been exploited.  The study focuses on assessing trends in the types of vulnerabilities that have been exploited, the product versions that have been targeted and the exploitation techniques that have been used by attackers.  Read more.

  • Oil & Gas Industry: Importance of Secure Application Development

    The oil and gas industry is one of the world’s largest industries in terms of sheer dollar value.  This energy source is what keeps us warm in cold weather, makes it easy to cook our food and heat our water, generates our electricity and fuels our transportation needs.  Given that the oil and gas industry is so critical to our everyday lives, application security is of paramount importance. 

    Over the past few years, we have seen some highly publicized attacks on this industry.  In an industry that manages critical infrastructure needs, software application security is absolutely essential and must be a top priority.  The importance cannot be overstated.  Today, Microsoft released a new case study entitled “Secure Software Development Trends in the Oil & Gas Sectors” which takes a close look at application security in the oil and gas industry and discusses how a holistic approach to software development can help mitigate many of the risks these organizations face.  Read more.

  • Trust in Computing Survey, Part 2: Less Than Half of Developers Use a Security Development Process

    If you are in the security industry or follow news related to security breaches or threat intelligence, you know that the threat landscape is continually evolving.  Attackers are constantly seeking out new ways to compromise potential victims on a broad or targeted scale. They attempt to exploit unpatched vulnerabilities, use deceitful tactics to trick users into installing malicious software, attempt to guess weak passwords, and employ other dirty tricks. Despite this reality, a concerningly large number of organizations are still not developing applications with security in mind.

    According to our latest Trust in Computing survey, conducted in nine countries for Microsoft by comScore, security wasn’t considered a “top priority” when building software by 42% of developers worldwide.  Read more

  • Security Development Conference 2013: Highlights (Part 3)

    Healthcare is one of the most vital industries worldwide, helping to diagnose, treat and administer care to millions of people every day.  The importance of this industry cannot be overstated and technology plays a vital role. 

    With the onset of electronic healthcare records, and increased accessibility to private information, the industry is faced with growing pressures to conform to regulations such as HIPAA and others.  Given how critical healthcare is to our daily lives, it’s no surprise that secure software development for this industry was a hot topic at this year’s Security Development Conference.  Read more

  • Trust in Computing Survey, Part I: Consumerization of IT Goes Mainstream

    The consumerization of IT, meaning the use of consumer services and devices in the workplace, has in recent years accelerated worldwide.  Employees are using services, such as social media, as well as consumer devices like laptops, mobile phones, and tablets in the workplace – a phenomenon known as Bring Your Own Device (BYOD).  With BYOD, employees are allowed – and sometimes encouraged – to bring their personally-owned devices to work and use those devices to access company resources, such as files and applications. For many organizations, embracing BYOD can help businesses improve productivity, as well as reduce costs associated with deploying and supporting company-issued assets. At the same time, BYOD also comes with management and security concerns.

    Our Trust in Computing survey, conducted in nine countries for Microsoft by comScore, found that BYOD has gained wide acceptance in several countries, with 78% of organizations allowing employees to bring their own computers to the office for work purposes, and 31% subsidizing purchases of employee-owned computers for work use.  There were some interesting variations among the nine countries surveyed.  For example, Chinese companies were the most likely (86%) to allow BYOD, and Japanese companies the least likely (30%).  Read more

  • Trust in Computing Research: Overview

    This week, we will be releasing three installments of our new “Trust in Computing” research study.  In late 2012, Microsoft Trustworthy Computing commissioned comScore to conduct a survey to help uncover current attitudes and perceptions related to security and privacy. This research explores trends in attitudes and opinions across nine countries/regions, and among three audience segments. Read more

  • Trustworthy Computing Blog App Now Available for Windows Phone 8

    Twelve months ago we launched a Windows Phone application that was designed to provide our readers with an easy way to access Trustworthy Computing blogs through their Windows Phone devices.  Since then, we have received lots of feedback from users on the value it has provided and suggestions for improvements.  Today I am pleased to share that a new version of our Trustworthy Computing Blogs Windows Phone application is now available.  Read more.

  • Software Vulnerability Management at Microsoft

    A few years ago I wrote a whitepaper, with contributions from several other people, that describes key steps in the process we use to investigate, engineer and release security updates at Microsoft. We also recorded a video series with some of the folks at Microsoft that do the engineering work on security updates. Recently I have had a couple of customers ask about this process, so I thought we’d simply put these resources on the Microsoft Security blog to make them easy to find.