Windows Vista : Threat-driven Design combined with Security Quality Process

What is the difference between foundational security and security features?

Name 3 security companies.  Who did you name?  Symantec?  Checkpoint?  RSA?  ISS? These companies all offer products that provide security features or capabilities. 

What if Microsoft had no firewall?  What if we had no PKI and certificate services?  What if we had no plans for Forefront Security products?  Would those of us in the Security Technology Unit (STU) be out of work?

No.  Many of us are not focused on products and features; we’re focused on security that is more foundational and inherent to all software, not just security features or capabilities.  We want to (a) reduce security flaws in software, (b) reduce the exploitability of flaws that aren’t found before ship, and (c) make it easier to mitigate.

So, when I think of security in Windows Vista, I think about design changes driven by threat modeling, such as ASLR, /GS, the NX flag, attack surface reduction, /SafeSEH and service hardening.
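Two of the mitigations named above, ASLR and NX, are opt-ins that a linker records as DllCharacteristics bits in a PE image's optional header. As an added example (not the author's code), this Python reads those bits so a defender can audit whether a binary actually opted in; the sample PE bytes are constructed inline for the demonstration and are not a loadable image.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* values from the PE/COFF specification.
DYNAMIC_BASE = 0x0040  # image opts into ASLR
NX_COMPAT = 0x0100     # image opts into DEP/NX
NO_SEH = 0x0400        # image declares it uses no SEH handlers

def pe_mitigation_flags(data: bytes) -> dict:
    """Return which opt-in mitigation bits a PE image sets.

    Follows e_lfanew from the DOS header, checks the "PE\0\0" signature,
    skips the 20-byte COFF file header, and reads DllCharacteristics at
    offset 70 of the optional header (same offset for PE32 and PE32+).
    """
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 4 + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    (dllchar,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "aslr": bool(dllchar & DYNAMIC_BASE),
        "nx": bool(dllchar & NX_COMPAT),
        "no_seh": bool(dllchar & NO_SEH),
    }

def build_sample_pe(dllchar: int) -> bytes:
    """Constructed minimal PE32 header (headers only) for exercising the parser."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE signature follows the DOS header
    # Machine=i386, 1 section, no timestamp/symbols, optional header size 96, EXE flags
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 96, 0x102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)     # PE32 magic
    struct.pack_into("<H", opt, 70, dllchar)  # DllCharacteristics
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    print("hardened:", pe_mitigation_flags(build_sample_pe(DYNAMIC_BASE | NX_COMPAT)))
    print("legacy:  ", pe_mitigation_flags(build_sample_pe(0)))
```

On a real file, pass `open(path, "rb").read()` to `pe_mitigation_flags`; /SafeSEH is recorded separately in the Load Config directory and is not covered by these bits.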

For an excellent description of how this applies to Windows Vista, read Mike Howard’s latest blog post that describes the bigger picture of Windows Vista security.

About the Author
Jeff Jones

Principal Cybersecurity Strategist

Jeff Jones is a 27-year security industry professional who has spent the last decade at Microsoft working with enterprise CSOs and Microsoft's internal teams to drive practical and measurable security improvements into Microsoft products and services. Additionally, Jeff analyzes vulnerability trends