微软蓝灰风格经典模板.ppt

* * * * * * * * * * * * * * * * * * * * Microsoft Security Strategy 站长站素材 SC.chinaz.COM Session Agenda Focus on Customer Challenges Microsoft Security Strategy Secure Windows Initiative Strategic Technology Protection Program Trustworthy Computing Building the secure platform .NET Framework Windows .NET Summary Questions Technology, Process, PeopleWhat are the challenges? Products lack security features Products have bugs Insufficient technical standards Difficult to stay up-to-date Design for security Roles responsibilities Vigilance Business continuity plans Stay up-to-date with security development Problem recognition Skills shortage Human error Process People Technology Trustworthy Computing Strategic Technology Protection Program Secure Windows Initiative Microsoft Security Strategy Secure Windows Initiative“Engineering For Security” Goal: Eliminate Every Security Vulnerability Before The Product Ships People Process Technology Industry Yardstick Source: Security Focus /vulns/stats.shtml Secure Windows Initiative People Train, and keep current, every developer, tester, and program manager in the specific techniques of building secure products Process Make security a critical factor in design, coding and testing of every product Microsoft builds Cross-group design code reviews Security Threat Analysis part of every design spec Red Team testing and code reviews Focus not confined to buffer overruns Security bug feedback loop code sign-off requirements External reviews and testing by consultants and public Technology Build tools to automate everything possible in the quest to code the most secure products Prefix and Prefast for buffer overrun detection Updated as new vulnerabilities found Visual C++ 7.0 compiler improvements Domain-specific tools (i.e. RPC security stress) Secure Windows InitiativeExternal Security Review FIPS 140-1 evaluation of Cryptographic Service Provider (CSP) – Completed Government validation of base crypto algorithms in Windows C