The Latest in IT Security

Microsoft Updates Reports on Software Supply Chain Security, Critical Infrastructure Protection


Microsoft on Tuesday released updated versions of white papers focused on software supply chain security and critical infrastructure protection.

According to Kevin Sullivan, Principal Security Strategist, Trustworthy Computing at Microsoft, the papers draw on Microsoft’s policies and practices that involve regular assessments of the security challenges facing its customers and their operations.

The two updated white papers, as described by Sullivan, include:

Toward a Trusted Supply Chain: A Risk Based Approach to Managing Software Integrity (PDF) – This paper describes Microsoft’s framework for incorporating software integrity risk-management practices in both the product development process and online services operations. The paper first presents an overview of our approach to providing risk-based protection for the integrity of Microsoft’s software during development and distribution. It then presents the details of our approach to assessing the risks to the supply chain and determining where to apply security controls. Finally, the paper summarizes some of the specific controls that we rely on to protect the integrity of our software products.

Critical Infrastructure Protection: Concepts and Continuum (PDF) – Draws upon our work with critical infrastructure owners and operators, coupled with our more than three decades of experience with our own internal systems. Modern life is increasingly reliant on a wide-ranging set of functions, services, systems, and assets, commonly referred to as infrastructures. Governments view several of these infrastructures, such as communications, banking, energy, transportation, and healthcare, as critical, since their disruption, destruction, or loss of integrity can impact a nation’s stability. We’ve found that effective critical infrastructure protection efforts share three core principles: trustworthy policies and plans; resilient operations; and innovative investments. This paper describes how these principles, enabled by trusted collaboration, form a continuum for protecting critical infrastructure.

For additional white papers and security resources visit SecurityWeek’s comprehensive white paper library.


Mike Lennon, Managing Editor, SecurityWeek.
