Preparing your enterprise to eliminate passwords

Read more Preparing your enterprise to eliminate passwords

Attention Students: Only 3 Weeks Left to Enter the Cybersecurity 2020 Essay Contest

Read more Attention Students: Only 3 Weeks Left to Enter the Cybersecurity 2020 Essay Contest

The time is now. Security Development Must be a Priority for Everyone


Today marks the first day of the
Security Development Conference 2013.  Security professionals from companies, government agencies and academic institutions have traveled from all over the world to learn, network and share proven security development practices that can reduce an organization’s risk. As I sit here waiting for Scott Charney to take the stage, I am reminded that it’s been almost a decade since Microsoft implemented its Security Development Lifecycle (SDL).  So much has changed in that time.  

In the past decade, Internet usage has gone from roughly 350 million people online to more than 2.4 billion. Today there are more opportunities than ever before for developers.  Windows 8 is still relatively new, the cloud is in its early stages of adoption and there has been an explosion in new mobile devices and platforms. While the Internet has created many new opportunities and ways to do business, it has also spawned a digital underground for online crime. Security breaches that have financial consequences or lead to intellectual property loss, website defacement or espionage have become a reality in today’s computing landscape.

Many of the developers I talk with generally recognize the importance of security development. Despite this, the evidence suggests that the vast majority of organizations still have not adopted security development as a fundamental professional discipline. Microsoft recently surveyed over 2200 IT professionals and 490 developers worldwide.  The survey found that only 37 percent of IT Professionals cited their organizations as building their products and services with security in mind.  Furthermore, 61 percent of developers were not taking advantage of mitigation technologies that already exist such as ASLR, SEHOP and DEP. These mitigations have been freely available to the industry for years and are often simple additions to existing development practices–and yet only a minority of developers are leveraging them.  This is concerning to me and it should be concerning to everyone who uses the Internet.

Read more The time is now. Security Development Must be a Priority for Everyone

Men or women – Who is better when it comes to their mobile manners?

Chances are you have your mobile phone with you right now. These devices allow us to keep pace with the demands of our busy digital lifestyles. They also allow us to tell everyone, everything, all the time. There are multiple opinions on the breakdown of social etiquette due to oversharing information, but there’s no denying that certain mobile phone behaviors are not only annoying, they may even be risky.

Whether it’s loud talkers or not silencing a phone during a movie, some mobile manners like pocket dialing someone because your phone isn’t locked, or tagging photos without permission, may put personal information at risk. But who is better at protecting their personal information? Men, or women?

At Microsoft, we want to know what you think. That’s why we’re kicking off our Mobile Manners and Mayhem Facebook poll. Rank your biggest mobile phone pet peeves and tell us your own mobile mayhem story. On May 20, we’ll release the results and reveal who is better at protecting themselves online, men or women.

At a very young age, we are taught to share.  Share our toys, our thoughts, our gratitude.  But in today’s digital society, all this oversharing online, may put us in harm’s way. Your personal information is a valuable commodity to criminals and, just like your personal computer, your mobile phone is equally attractive to those who would misuse this information.

Read more Men or women – Who is better when it comes to their mobile manners?

Mobile manners and mayhem: What are your smartphone pet peeves?

Read more Mobile manners and mayhem: What are your smartphone pet peeves?

Cybersecurity 2020 Student Essay Contest

Read more Cybersecurity 2020 Student Essay Contest

Research Data to Help Understand the ROI of Your Security Investments

Many organizations and governments around the world struggle to quantify the value of making security investments in an environment of increasingly complex business models, fast-moving technology shifts and ever-more sophisticated cyber criminals.  In this fluid environment, it can be challenging to justify resources and budget for situations such as a security incident that did not interrupt business operations. Budget approvals often occur after an incident occurs and when the damage is already done.  Given this dynamic, and the need to keep customers protected from changes in the threat landscape, Microsoft has remained committed to producing threat intelligence that can help inform different security investments. 

We have long reported on the changing threat landscape through the Microsoft Security Intelligence Report (SIR). In a new, Special Edition SIR report released last month titled “Linking Cybersecurity Policy and Performance,” we provide insight into different socio-economic factors that can influence cybersecurity outcomes. The study examines how socio-economic factors, such as GDP per capita, broadband penetration, mobile devices and Facebook usage correlate with cybersecurity outcomes as measured by regional malware infection rates. This data is designed to help organizations and governments better understand the potential impact socio-economic factors have on cybersecurity and serve to inform security investment decisions. 

Read more Research Data to Help Understand the ROI of Your Security Investments

Being safer when using mobile apps

Read more Being safer when using mobile apps

Special Edition Security Intelligence Report Released – How Socio-economic Factors Affect Regional Malware Rates

Read more Special Edition Security Intelligence Report Released – How Socio-economic Factors Affect Regional Malware Rates

Microsoft’s Free Security Tools – Microsoft Security Compliance Manager Tool (SCM)

This article in our free security tools series focuses on the benefits of the Microsoft Security Compliance Manager tool (SCM).  One of the most important tools for managing and securing Windows environments is Group Policy.  Group Policy is often used in enterprise environments to help control what users can and cannot do on a computer system.  IT Professionals typically leverage Group Policy for a number of reasons but one of its primary benefits is to help manage security for groups of systems and reduce support costs.  While the value of Group Policy is clear, maximizing its potential can sometimes be a daunting task.  To help ease the management process for Group Policy, Microsoft released a free tool called the Microsoft Security Compliance Manager (SCM). 

Read more Microsoft’s Free Security Tools – Microsoft Security Compliance Manager Tool (SCM)

3 ways to increase your mobile safety this holiday season

Read more 3 ways to increase your mobile safety this holiday season

Microsoft’s Free Security Tools – A Deeper Look at XSS Attacks and Microsoft’s free Anti-Cross-Site Scripting Library

This article in our free security tools series focuses on the benefits of the Microsoft Anti-Cross-site Scripting Library (Anti-XSS).  Cross-site scripting (XSS) is an attack technique in which an attacker inserts malicious HTML and JavaScript into a vulnerable webpage, often in an effort to distribute malware or to steal sensitive information from the website or its visitors. 

Read more Microsoft’s Free Security Tools – A Deeper Look at XSS Attacks and Microsoft’s free Anti-Cross-Site Scripting Library

Mobile safety tips for back to school

Read more Mobile safety tips for back to school