Privacy and Security by Design: How Microsoft Builds Privacy and Security into Software and Online Services
Adam Shostack, Senior Program Manager, Security Engineering & Communications
Sue Glueck, Senior Privacy Attorney
Microsoft Corporation
Agenda
Background
Privacy at Microsoft
Privacy: Empowering users to control the collection, use, and distribution of their personal information
Security: Establishing protective measures that defend against hostile acts or influences
It is possible to have a secure system that does not respect the privacy of the user.
Privacy AND Security are key factors for trust
Deliverables throughout the Product lifecycle.
Integrated Compliance Tracking Tools
Online and Live Privacy Training available
© 2006 Microsoft Corporation
on special offers of Xbox® games.
“We actually consider Microsoft to be leading the software [industry] now in improvements in their security development life cycle [SDL].”
Vice President and Distinguished Analyst
(From CRN, Feb 13th 2006)
IIS5 vs IIS6
SQL Server 2000 vs SQL Server 2000 SP3
reduction in vulnerabilities
IE6 vs IE6 SP2
Microsoft Under Attack
Not by angry customers suing for damages after security breaches, or by governments breaking up monopolies, but by open source developers and security professionals accusing them of being obsessed by security.
June 2, 2006
Download the Privacy Guidelines at http://go.microsoft.com/fwlink/?LinkID=75045
Send us feedback at email@example.com
Participate in the dialog - help set industry best practices
Read The Security Development Lifecycle (Lipner and Howard)
Adopt an SDL for your business
Without security, there’s less “protect” in data protection
According to the National Vulnerability Database, 262 vulnerabilities were reported in Microsoft products in 2006
NVD cataloged 6600 total vulnerabilities in 2006 (industry wide), ~18 vulnerabilities per day