
Microsoft Security Engineering Center

Who We Are and What We Do


The Microsoft Security Engineering Center helps to protect Microsoft customers by delivering inherently more secure products and services, through the Microsoft Security Development Lifecycle (SDL), comprehensive security assurance in software development and state-of-the-art security science. MSEC addresses software security via three main areas: Process, People, and Technology.

The Microsoft Security Engineering Center, the Microsoft Security Response Center (MSRC), and the Microsoft Malware Protection Center (MMPC) work together to protect Microsoft customers throughout the entire software lifecycle: development, deployment, and operations.

Image of Security Assurance web diagram - MSEC Web Diagram

What is Security Science?



The video highlights the proactive work of Trustworthy Computing, with the goal of providing secure, private, and reliable computing experiences for everyone.


 

Process (Security Development Lifecycle)

The Microsoft Security Development Lifecycle (SDL) is the industry-leading software security assurance process. The SDL has played a critical role in embedding security and privacy into the Microsoft software and culture, leading to measurable security and privacy improvements in flagship products such as Windows Vista, Microsoft Office, and Microsoft SQL Server.

  • SDL infuses security into the entire software development process: from requirements, through testing, to product release.
  • Through education, tools, and the development process, SDL provides a comprehensive solution for developing more secure software.
  • SDL was designed as an integral part of the development process.
  • SDL includes threat modeling to enable developers to analyze security in a structured and holistic manner.
  • SDL requirements and technologies are continuously improved to reflect new security techniques and to respond to new threats.
  • SDL is based on risk management, empowering managers to make educated and practical security business decisions.
  • SDL reduces the “Total Cost of Development” by finding and eliminating vulnerabilities early.

For more information, see The Microsoft Security Development Lifecycle.


 

People (Security Assurance)

The Security Assurance team is a group of security experts that helps teams create secure products so the teams can meet or exceed SDL requirements. Security Assurance also influences the design and strategy of the SDL.

The Microsoft Security Science team helps protect customers by improving security and privacy in Microsoft products through applied security research. Security Science develops more effective and scalable ways to find vulnerabilities, researches innovative exploit mitigation techniques and applies them to Microsoft products, focusing on tracking new exploits and providing early warnings about them.

Protecting Microsoft customers throughout the entire life cycle

The Microsoft Security Engineering Center works with two other Microsoft security centers, the Microsoft Security Response Center and the Microsoft Malware Protection Center, to help protect customers throughout the entire software lifecycle: development, deployment, and operations.


 

Tools and Resources

Mitigating Software Vulnerabilities White Paper
Learn how exploit mitigation technologies can help prevent attacks caused by software vulnerabilities.

!Exploitable Crash Analyzer
This Microsoft Windows debugging extension provides automated crash analysis and security risk assessment.

Software Vulnerability Exploitation Trends
This whitepaper features new research that examines the impact of security mitigations that Microsoft has implemented over time to address software vulnerabilities.