Microsoft on Tuesday released updated versions of white papers focused on software supply chain security and critical infrastructure protection.
According to Kevin Sullivan, Principal Security Strategist, Trustworthy Computing at Microsoft, the papers draw on Microsoft’s policies and practices that involve regular assessments of the security challenges facing its customers and their operations.
The two updated white papers, as described by Sullivan, include:
Toward a Trusted Supply Chain: A Risk Based Approach to Managing Software Integrity (PDF) – This paper describes Microsoft’s framework for incorporating software integrity risk-management practices in both the product development process and online services operations. The paper first presents an overview of our approach to providing risk-based protection for the integrity of Microsoft’s software during development and distribution. It then presents the details of our approach to assessing the risks to the supply chain and determining where to apply security controls. Finally, the paper summarizes some of the specific controls that we rely on to protect the integrity of our software products.
Critical Infrastructure Protection: Concepts and Continuum (PDF) – Draws upon our work with critical infrastructure owners and operators, coupled with our more than three decades of experience with our own internal systems. Modern life is increasingly reliant on a wide-ranging set of functions, services, systems, and assets, commonly referred to as infrastructures. Governments view several of these infrastructures, such as communications, banking, energy, transportation, and healthcare, as critical, since their disruption, destruction, or loss of integrity can impact a nation’s stability. We’ve found that effective critical infrastructure protection efforts share three core principles: trustworthy policies and plans; resilient operations; and innovative investments. This paper describes how these principles, enabled by trusted collaboration, form a continuum for protecting critical infrastructure.