Security & Scaling at Microsoft
Security & Software
Disasters & changing perception
Eric Mittelette & Stanislas Quastana | Microsoft
Do you remember those dark days?
May 4th 2000
July 13th 2001
September 28th 2001
January 25th 2003
August 13th 2003
As Microsoft employees we do
15 minutes before SQL Slammer infection
SQL Slammer (aka Sapphire) infection
Blaster (aka LOVE YOU SAN)
Why did we fail?
Reason 1: features, features, features…
Reason 2: Security was not in developers’ DNA
Reason 3: Everything was installed and started by default
Ex: IIS Web Server
Which response?
“Computing is already an important part of many people’s lives. Within ten years, it will be an integral and indispensable part of almost everything we do. Microsoft and the computer industry will only succeed in that world if CIOs, consumers and everyone else sees that Microsoft has created a platform for Trustworthy Computing”
“We have done a great job of having teams work around the clock to deliver security fixes for any problems that arise.
Our responsiveness has been unmatched – but as an industry leader we can and must do better”
“Flaws in a single Microsoft product, service or policy not only affect the quality of our platform and services overall, but also our customers’ view of us as a company”
“So now, when we face a choice between adding features and resolving security issues, we need to choose security”
So what did we do?
Stop all development
The 1st time in our history
Every Microsoft developer: back to school!!!
Mandatory annual security training
“One book to protect them all”
Dear developers
Few security bugs in your code = more money in your pocket
SDLC is the substance of Microsoft’s security audits and expertise, published as a methodology
Security Team created
Final Security Review mandatory
Did it work?
First results
Helping IT customers in their job
As you see, we did a lot of things
But…
“Security is a journey, not a destination”
10 years later
Is it better?
“Security is a journey, not a destination”
Sometimes it’s better to be the first…
Security is an industry problem, not a single-company issue
Really?
Same feature, but 10 years later
“Security is a journey, not a destination”
“Security is a journey, not a destination”
Thank you
@EricMitt & @SQuastana