Поделиться через


Security in Vista - one step ahead

Windows Vista shipped to business customers on the last day of November 2006, so the end of November 2007 marks the one year anniversary for supported production use of the product. Windows Vista one year vulnerability report is published. This paper analyzes the vulnerability disclosures and security updates for the first year of Windows Vista and looks at it in the context of its predecessor, Windows XP, along with other modern workstation operating systems Red Hat, Ubuntu and Apple products. One year is a more informative time frame; this report contains the results of a deeper level of analysis. The report is published in the following link - https://www.microsoft.com/windowsserver/compare/ReportsDetails.mspx?recid=54. Highlights are side by side comparison of Vista with its predecessor, XP and with other industry OS. Thanks to Jeff, Security Strategy Director in Microsoft's Trustworthy computing group - for authoring this report.

Real story on security:

Microsoft's Security Development Lifecycle (SDL) is the key for the remarkable proven results. SDL is an industry-leading software security assurance process. A Microsoft-wide initiative and a mandatory policy since 2004, the SDL has played a critical role in embedding security and privacy in Microsoft software and culture. Combining a holistic and practical approach, the SDL introduces security and privacy early and throughout all phases of the development process. It has led Microsoft to measurable and widely-recognized security improvements in flagship products such as Windows Vista and SQL Server.

Microsoft is publishing the detailed SDL process guidance as part of its commitment to enable a more secure and trustworthy computing ecosystem. The Microsoft SDL guideline is now available at https://www.microsoft.com/downloads/details.aspx?FamilyID=2412C443-27F6-4AAC-9883-F55BA5B01814&displaylang=en.  I have also attached the guidelines doc with this blog for quick reference.

There was a recent video published on analyzing what software vendors should do to create and sustain secure software and also to show Microsoft’s security leadership through SDL – By, trusted advisors from Gartner and Microsoft. Speakers: John Pescatore (VP & Research Fellow, Gartner), James Whittaker (Security Architect, Microsoft), Michael Howard (Principal Program Manager, Microsoft). Here is the webcast - https://www.itbriefingcenter.com/programs/gartner_microsoft_358.html.

To know more details on Trustworthy computing, refer to this https://www.microsoft.com/mscorp/twc/default.mspx.

Microsoft SDL - Version 3.2.doc