Microsoft Updates Reports on Software Supply Chain Security, Critical Infrastructure Protection

Microsoft on Tuesday released updated versions of white papers focused on software supply chain security and critical infrastructure protection. 


According to Kevin Sullivan, Principal Security Strategist, Trustworthy Computing at Microsoft, the papers draw on Microsoft’s policies and practices that involve regular assessments of the security challenges facing its customers and their operations.

The two updated whitepapers, as described by Sullivan, include:

Toward a Trusted Supply Chain: A Risk Based Approach to Managing Software Integrity (PDF) – This paper describes Microsoft’s framework for incorporating software integrity risk-management practices in both the product development process and online services operations. The paper first presents an overview of our approach to providing risk-based protection for the integrity of Microsoft’s software during development and distribution. It then presents the details of our approach to assessing the risks to the supply chain and determining where to apply security controls. Finally, the paper summarizes some of the specific controls that we rely on to protect the integrity of our software products.

Critical Infrastructure Protection: Concepts and Continuum (PDF) – Draws upon our work with critical infrastructure owners and operators, coupled with our more than three decades of experience with our own internal systems. Modern life is increasingly reliant on a wide-ranging set of functions, services, systems, and assets, commonly referred to as infrastructures. Governments view several of these infrastructures, such as communications, banking, energy, transportation, and healthcare, as critical, since their disruption, destruction, or loss of integrity can impact a nation’s stability. We’ve found that effective critical infrastructure protection efforts share three core principles: trustworthy policies and plans; resilient operations; and innovative investments. This paper describes how these principles, enabled by trusted collaboration, form a continuum for protecting critical infrastructure.

For additional white papers and security resources visit SecurityWeek’s comprehensive white paper library.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
