Microsoft’s operating systems / platforms, applications, and processes are used by millions of people in nearly every country on this planet. Its software products are used in mission-critical devices and processes (in the UK, the NHS is a prime example), defence industry, manufacturing, finance, and government, to name a few. Knowing what I do about the kinds of attacks against its applications, operating systems, and processes, by ruthless organized crime groups and people using every conceivable method to steal, compromise, extort, blackmail, or otherwise make life miserable for their own personal gain, we all can be mighty proud of the extraordinary efforts Microsoft has and continues to put into making all computer users more safe on the Internet. But remember, criminal attacks against systems are an industry-wide problem, which is why Microsoft is working with industry partners, government, and educational institutions to help ensure understanding of the problems and develop better solutions.
It's important to remember that no software is 100% secure. We’re working to keep the number of security vulnerabilities that ship in our products to a minimum. Trustworthy Computing is a long-term initiative and those changes do not happen overnight. We’ve made progress and our efforts are resulting in significant improvements in the security of our software. We have every confidence that - together with our industry partners - we'll continue to meet the constantly evolving challenge of security to help our customers and the industry become more secure.
Did Microsoft use a different approach to testing security while developing Windows Vista?
The release of Windows Vista is the first Microsoft operating system to use the Security Development Lifecycle (SDL) from start to finish and was tested more prior to shipping than any previous version of Windows.
Building on the significant security advances in Windows XP Service Pack 2, Windows Vista includes fundamental architectural changes that will help make customers more secure from evolving threats, including worms, viruses, and malware. These improvements minimize the operating system’s attack surface area, which in turn improves system and application integrity and helps organizations more securely manage and isolate their networks.
Too often software is developed by bolting security technology onto an application and declaring it secure. The SDL was developed to provide a step-by-step process integrating secure development into the entire software lifecycle from start to finish. We have already seen the benefits of this process as it was first used for Windows Server 2003 and resulted in a 56% decrease in the number of security bulletins, compared to Windows Server 2000.