Recently the Microsoft Security Response Center (MSRC) released their annual “MSRC Progress Report.” The report provides insights into key security bulletin and Common Vulnerabilities and Exposures (CVE) statistics and how several MSRC programs performed during the one-year period between July 2012 and June 2013.
For example, during the 12 months ending June 2013, Microsoft released a total of 92 security bulletins to address 246 individual vulnerabilities. Of the security bulletins released during this period there were two out-of-band updates, both affecting versions of Internet Explorer: MS12-063, released on September 21, 2012 and MS13-008, released on January 14, 2013. Read more
In May, I shared Microsoft’s perspective on the U.S. government’s effort to identify incentives that could promote adoption of the Cybersecurity Framework under development at the National Institute of Standards and Technology (NIST). In my post, I described several types of incentives that would be particularly impactful, including... Read more.
Back in April I published a post about the end of support for Windows XP called The Countdown Begins: Support for Windows XP Ends on April 8, 2014. Since then, many of the customers I have talked to have moved, or are in the process of moving, their organizations from Windows XP to modern operating systems like Windows 7 or Windows 8.
There is a sense of urgency because after April 8, Windows XP Service Pack 3 (SP3) customers will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates. This means that any new vulnerabilities discovered in Windows XP after its “end of life” will not be addressed by new security updates from Microsoft. Still, I have talked to some customers who, for one reason or another, will not have completely migrated from Windows XP before April 8. I have even talked to some customers that say they won’t migrate from Windows XP until the hardware it’s running on fails.
What is the risk of continuing to run Windows XP after its end of support date? One risk is that attackers will have the advantage over defenders who choose to run Windows XP because attackers will likely have more information about vulnerabilities in Windows XP than defenders. Let me explain why this will be the case. Read more.
Today we are pleased to announce the availability of a new Microsoft Security Intelligence Report (SIR) desktop application. This app works on Windows 7 and Windows 8 and is designed to provide our readers with an enhanced way to access the vast amount of threat intelligence contained in the SIR. Here’s a summary of the new SIR app’s key features: ... Read more
Today Trustworthy Computing released new research that examines the long-term impact of security mitigations that Microsoft has implemented to address software vulnerabilities. This analysis is based on a study of security vulnerabilities that have been addressed through Microsoft security updates over a seven-year period (2006 – 2012) and are known to have been exploited. The study focuses on assessing trends in the types of vulnerabilities that have been exploited, the product versions that have been targeted and the exploitation techniques that have been used by attackers. Read more.
The oil and gas industry is one of the world’s largest industries in terms of sheer dollar value. This energy source is what keeps us warm in cold weather, makes it easy to cook our food and heat our water, generates our electricity and fuels our transportation needs. Given that the oil and gas industry is so critical to our everyday lives, application security is of paramount importance.
Over the past few years, we have seen some highly publicized attacks on this industry. In an industry that manages critical infrastructure needs, software application security is absolutely essential and must be a top priority. The importance cannot be overstated. Today, Microsoft released a new case study entitled “Secure Software Development Trends in the Oil & Gas Sectors” which takes a close look at application security in the oil and gas industry and discusses how a holistic approach to software development can help mitigate many of the risks these organizations face. Read more.
If you are in the security industry or follow news related to security breaches or threat intelligence, you know that the threat landscape is continually evolving. Attackers are constantly seeking out new ways to compromise potential victims on a broad or targeted scale. They attempt to exploit unpatched vulnerabilities, use deceitful tactics to trick users into installing malicious software, attempt to guess weak passwords, and employ other dirty tricks. Despite this reality, a concerningly large number of organizations are still not developing applications with security in mind.
According to our latest Trust in Computing survey, conducted in nine countries for Microsoft by comScore, security wasn’t considered a “top priority” when building software by 42% of developers worldwide. Read more
Healthcare is one of the most vital industries worldwide, helping to diagnose, treat and administer care to millions of people every day. The importance of this industry cannot be overstated and technology plays a vital role.
With the onset of electronic healthcare records, and increased accessibility to private information, the industry is faced with growing pressures to conform to regulations such as HIPAA and others. Given how critical healthcare is to our daily lives, it’s no surprise that secure software development for this industry was a hot topic at this year’s Security Development Conference. Read more.
The consumerization of IT, meaning the use of consumer services and devices in the workplace, has in recent years accelerated worldwide. Employees are using services, such as social media, as well as consumer devices like laptops, mobile phones, and tablets in the workplace – a phenomenon known as Bring Your Own Device (BYOD). With BYOD employees are allowed – and sometimes encouraged – to bring their personally-owned devices to work and use those devices to access company resources, such as files and applications. For many organizations, embracing BYOD can help businesses improve productivity, as well as reduce costs associated with deploying and supporting company-issued assets. At the same time, BYOD also comes with management and security concerns.
Our Trust in Computing survey, conducted in nine countries for Microsoft by comScore, found that BYOD has gained wide acceptance in several countries, with 78% of organizations allowing employees to bring their own computers to the office for work purposes, and 31% subsidizing purchases of employee-owned computers for work use. There were some interesting variations among the nine countries surveyed. For example, Chinese companies were the most likely (86%) to allow BYOD, and Japanese companies the least likely (30%). Read more
This week, we will be releasing three installments of our new “Trust in Computing” research study. In late 2012, Microsoft Trustworthy Computing commissioned comScore to conduct a survey to help uncover current attitudes and perceptions related to security and privacy. This research explores trends in attitudes and opinions across nine countries/regions, and among three audience segments. Read more