We focus on security fundamentals, including making online activities, software, and services safer. As part of Trustworthy Computing, Microsoft trains its developers, testers, and program managers to build more secure software code, following an approach known as the Security Development Lifecycle (SDL). Since 2003, Microsoft has also been working with national governments around the world on building and deploying more secure IT infrastructure and services in the Government Security Program.
We also focus on enhancing the processes and tools used in updating customer software. Microsoft works to make the updating process more manageable by making it predictable, improving the quality of updates, and investing in effective tools and product enhancements to make it easier.
Threat and Vulnerability Mitigation
Microsoft strives to deliver a comprehensive and integrated portfolio of software and technologies that suit the needs of all customers by providing the following benefits:
Central visibility and control of risk
Reduced exposure to threats through leading technologies and an in-depth approach to defense
Seamless integration with existing IT systems and within the security portfolio
Our approach also helps reduce an organization's exposure to attacks through best-of-breed threat protection, detection, and removal. Data that is collected using various feedback mechanisms combined with global research and collaboration help promote fast discovery of protection against new threats.
Identity and Access Control
Tackling this challenging aspect of security is another important layer of Microsoft's in-depth approach to defense. It has three parts:
Trustworthy identity: Focusing on innovation and integration to help ensure that users are trustworthy.
Access policy management: Managing policy that dictates what resources each user can access.
Information protection: Helping protect information permanently, wherever it is stored.