Managing and protecting software vulnerabilities

Vulnerabilities are weaknesses in software that enable an attacker to compromise the integrity, availability, or confidentiality of that software. As long as human beings write software code, no software will be perfect, and mistakes that lead to imperfections and vulnerabilities in software will be made.

To combat software vulnerabilities, Microsoft helps its customers understand and manage the related risks posed to their information technology (IT) environment by enabling them to plan, resource, schedule and budget for the associated system maintenance. In unison, Microsoft and the security engineers, product managers, program managers, and communications professionals it employs continue to be dedicated to creating secure, private, and reliable computing experiences for everyone.

Microsoft has released a whitepaper describing its processes for investigating and releasing security updates that address vulnerabilities in the software it produces. In this paper you’ll learn about this process and how Microsoft uses a multipronged approach to help its customers manage their risks. This approach includes three key elements:

• High-quality security updates - using world-class engineering practices to produce high-quality security updates that can be confidently deployed to over a billion diverse systems in the PC ecosystem and help customers minimise disruptions to their businesses;
• Community-based defence - Microsoft partners with many other parties when investigating potential vulnerabilities in Microsoft software. Microsoft looks to mitigate exploitation of vulnerabilities through the collaborative strength of the industry and through partners, public organisations, customers, and security researchers. This approach helps to minimise potential disruptions to Microsoft’s customers’ businesses;
• Comprehensive security response process - employing a comprehensive security response process that helps Microsoft effectively manage security incidents while providing the predictability and transparency that customers need in order to minimise disruptions to their businesses.

The whitepaper is available for download from Microsoft’s Download Centre.