In June, we concluded our Cybersecurity 2020 Student Essay Contest in which we sought original research on how to measure the security impact of policies around the world. Government policy makers around the world struggle with crafting effective policy to reduce cybersecurity risks in the midst of tremendous change in the cyber ecosystem. These developments led us to seek out novel analyses from future cybersecurity thought leaders.
We were excited to receive entries from 17 different countries/regions around the world. Each of the qualifying entries was reviewed by a panel of judges evaluating novelty of analysis, future relevance, and quantitative basis. Today, I am pleased to share the top three prize winners.
Recently the Microsoft Security Response Center (MSRC) released their annual “MSRC Progress Report.” The report provides insights into key security bulletin and Common Vulnerabilities and Exposures (CVE) statistics and how several MSRC programs performed during the one-year period between July 2012 and June 2013.
For example, during the 12 months ending June 2013, Microsoft released a total of 92 security bulletins to address 246 individual vulnerabilities. Of the security bulletins released during this period, there were two out-of-band updates, both affecting versions of Internet Explorer: MS12-063, released on September 21, 2012, and MS13-008, released on January 14, 2013.
In May, I shared Microsoft’s perspective on the U.S. government’s effort to identify incentives that could promote adoption of the Cybersecurity Framework under development at the National Institute of Standards and Technology (NIST). In my post, I described several types of incentives that would be particularly impactful, including...
Back in April I published a post about the end of support for Windows XP called The Countdown Begins: Support for Windows XP Ends on April 8, 2014. Since then, many of the customers I have talked to have moved, or are in the process of moving, their organizations from Windows XP to modern operating systems like Windows 7 or Windows 8.
There is a sense of urgency because after April 8, Windows XP Service Pack 3 (SP3) customers will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates. This means that any new vulnerabilities discovered in Windows XP after its “end of life” will not be addressed by new security updates from Microsoft. Still, I have talked to some customers who, for one reason or another, will not have completely migrated from Windows XP before April 8. I have even talked to some customers who say they won’t migrate from Windows XP until the hardware it’s running on fails.
What is the risk of continuing to run Windows XP after its end of support date? One risk is that attackers will have the advantage over defenders who choose to run Windows XP because attackers will likely have more information about vulnerabilities in Windows XP than defenders. Let me explain why this will be the case.
Today we are pleased to announce the availability of a new Microsoft Security Intelligence Report (SIR) desktop application. This app works on Windows 7 and Windows 8 and is designed to provide our readers with an enhanced way to access the vast amount of threat intelligence contained in the SIR. Here’s a summary of the new SIR app’s key features:..