Kyle Alspach
The rollout of numerous changes to the tech giant’s software engineering process is intended to set a ‘new standard for security’ at Microsoft, President Brad Smith said in a blog post.
Microsoft’s New Security Memo
Microsoft is rolling out an array of major changes to its software engineering process aimed at improving the security of its widely used platforms, the company announced Thursday. In a pair of blog posts, top executives from the Redmond, Wash.-based tech giant outlined updates that are meant to enable its software to be secure by default while also improving key areas such as identity security and cloud vulnerability mitigation. The changes are a part of Microsoft’s newly announced Secure Future Initiative, the company said.
While the new initiative also aims to use AI in a bigger way to address evolving cyberthreats, the changes around Microsoft’s software engineering will potentially impact the company’s largest platforms including Azure, Windows and Office 365.
The changes come just a few months after a high-profile Microsoft cloud breach that impacted U.S. government email accounts, and prompted an inquiry into Microsoft’s security practices by U.S. Sen. Ron Wyden. Separately, industry executives including Tenable CEO Amit Yoran have recently accused Microsoft of responding slowly and inadequately to vulnerability disclosures. And federal cybersecurity officials such as CISA Director Jen Easterly have slammed Microsoft’s monthly “Patch Tuesday” software release, which typically reveals scores of vulnerabilities, saying it represents the opposite of a “secure by default” approach to software development.
‘New Standard For Security’
In one of the blog posts announcing the changes Thursday, Microsoft President Brad Smith wrote that its new initiative will “bring together every part of Microsoft to advance cybersecurity protection.” The initiative will set “a new standard for security” at Microsoft through evolving “the way we design, build, test, and operate our technology,” Smith said.
In the second post, Microsoft’s top security executive, Executive Vice President Charlie Bell, wrote that “a more secure future will require new advances in fundamental software engineering.”
Notably, Bell’s blog post references Bill Gates’ famous 2002 memo on “Trustworthy Computing,” in which Gates committed Microsoft to bringing a stronger focus on the security of its products. Bell included one of Gates’ lines from the memo: “If we don’t do this, people simply won’t be willing — or able — to take advantage of all the other great work we do.” For Microsoft, Bell wrote, that notion “still holds true over two decades later.”
What follows are five big Microsoft changes meant to improve its security.