Microsoft Opens Up On Security Research - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Microsoft Opens Up On Security Research

Microsoft's Security Vulnerability Research and Defense blog provides in-depth technical information and ways security professionals can protect an organization from vulnerabilities.

Microsoft has launched a security blog that provides more technical details about the vulnerability research behind the patches and security updates the company releases each month.

The Security Vulnerability Research and Defense blog, introduced Thursday, provides in-depth technical information and ways security professionals can protect an organization from vulnerabilities. The blog will be updated the second Tuesday of every month, called "Patch Tuesday," which is when Microsoft releases security updates for Windows and other software.

"During our vulnerability research, we discover a lot of interesting technical information," Microsoft said in the first posting. "We're going to share as much of that information as possible here because we believe that helping you understand vulnerabilities, workarounds, and mitigations will help you more effectively secure your organization."

During technical investigations of security issues, information is discovered that doesn't make it in the official security updates, but is important to share, the company said. Such technical data will include, for example, situations or attack vectors where workarounds may not be 100% effective, and workarounds that are specific to a particular attack or that are so "super complicated" that they can't be recommended to all customers.

In addition, the company said it would provide details on mitigations that might not be present in all cases, best- practices-type guidance that applies to a particular vulnerability, and "interesting facts" about a vulnerability Microsoft is fixing that will help customers learn more about Windows, the security infrastructure, or the way the company conducts investigations.

There also will be debugging techniques and information on how to triage security vulnerabilities, and overviews on some of the challenges the company faces when fixing specific security bugs. The company, however, included a disclaimer that said security bulletins or security advisories would remain "the ultimate authority."

Bloggers will include Damian Hasse, lead security software engineer at Microsoft, and Jonathan Ness, who leads the company's Secure Windows Initiative defense team. The blog's debut discussed two patches, MS07-063 and MS07-065, which were published Dec. 11.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Commentary
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll