Microsoft’s commitment to the Core Infrastructure Initiative

For more than a decade, we’ve made significant investments in securing our devices and services. What people may not know is that we’ve also been involved in cross-platform activities for some time. We recognize that the environments of our customers are heterogeneous and require interoperability.

One of the ways we engage is through participation in relevant and emerging technical standards setting processes. Microsoft is active with 150 standards organizations and in 400 working groups. Our active engagement in several open source software (OSS) development communities has made it possible for nine of the 10 most downloaded OSS projects to run on Windows, and has created a flexible environment that supports customer choice with services such as Microsoft Azure. Read more about our commitment to open source collaboration, including the work within the Microsoft Open Technologies, Inc. subsidiary.

Today, we announce a continuation of these investments as a founding member of the Core Infrastructure Initiative (CII), a program that will identify and fund open source projects that comprise critical elements of the global information infrastructure.

The CII began as a result of the recent OpenSSL “Heartbleed” vulnerability which, according to Netcraft’s April 2014 Web Server Survey, may have impacted nearly 66 percent of active sites on the internet.  Although customers running Microsoft services are not affected by this vulnerability, we know that security is an industry-wide issue requiring industry-wide collaboration.

That is why we look forward to working with others in the CII, discussing our respective learnings, and sharing resources and tools, such as the Security Development Lifecycle (SDL),to drive further developments, both in the standards space, and in the security development work across the industry.

About the Author
Steve Lipner

Partner Director of Software Security, Trustworthy Computing

Steven B. Lipner is Partner Director of Software Security in Trustworthy Computing Security at Microsoft. He is responsible for programs that provide improved product security for Microsoft customers. Lipner leads Microsoft’s Security Development Lifecycle (SDL) team and is responsible for Read more »