Security Baselines Harmonization Campaign | White paper
As the integrity of ICT systems become progressively critical to a nation’s well-being, governments are increasingly concerned about the threat to their systems through the global supply chain for technology products. These concerns stem from the fear that an adversary might tamper with products during their development, manufacturing, or delivery.
For Microsoft, the protection of our supply chain is not new and we hope that some of the lessons we have learned can be applied elsewhere. This White Paper describes Microsoft’s framework for incorporating software integrity risk-management practices in both the product development process and online services operations, outlining:
- The steps that Microsoft takes to develop and implement a risk-based approach to managing software integrity risks and
- Specific security and software integrity measures that help reduce the risk of attacks on the product supply chain.