Trustworthy Computing | April 2013
Microsoft Security Newsletter

Welcome to April’s Security Newsletter!

This month’s newsletter theme focuses on the importance of secure development. With the rapid evolution of technology, more and more governments, organizations, and individuals are relying on computing for everyday tasks. Software has been integrated into a wide range of devices and infrastructure including ATMs, medical equipment, power grids, media center consoles, and mobile devices. As technology becomes more and more woven into the fabric of society, the need to minimize the number and severity of vulnerabilities in software is increasingly important.
Next month (on May 14th and 15th), we will host the second annual Security Development Conference. This year’s conference is in San Francisco and it will bring together some of the best and brightest information security professionals from a variety of industries. Attendees will learn about proven security development practices through interactions with peers, luminaries, and other organizations. Sessions will cover the latest security development techniques and processes that can reduce risk and help protect organizations in this rapidly evolving technology landscape. The conference spans two days, offering over 20 sessions in three tracks: Engineering for Secure Data, Security Development Lifecycle & Data Security, and Business Risk & Data Security. This year’s keynote speakers include Scott Charney, Corporate VP Trustworthy Computing, Microsoft; Howard Schmidt, Executive Director, SAFECode and former cyber security advisor to the president; Edna M Conway, Chief Security Strategist Global Supply Chain, Cisco Systems; Brad Arkin, Senior Director of Security, Adobe Secure Software Engineering Team (ASSET). If you are interested in advancing your organization’s security development practices, then I strongly encourage you to check out the conference. Register today with this special code—IND@SDC#12—exclusively for our newsletter subscribers and save $300.00 off current registration prices. I hope to see many of you there.
Best regards,
Tim Rains, Director
Microsoft Trustworthy Computing

Top Stories

Microsoft Security Intelligence Report Volume 14 Now Available
Volume 14 of the Microsoft Security Intelligence Report (SIR) offers an in-depth perspective on software vulnerabilities and exploits, malware, potentially unwanted software, and malicious websites based on detailed trend analyses over the past several years, with a focus on the second half of 2012. Download the full report, read key findings, and check out the featured article on Measuring Benefits of Real-Time Security Software.

Malicious Websites Now the Top Threat to the Enterprise
New data published in volume 14 of the Microsoft SIRs shows that seven out of the top 10 threats affecting enterprises were known to be delivered through malicious websites. Explore this new trend and learn what you can do to protect your enterprise from this growing threat.

Introducing EMET v4 Beta
The Enhanced Mitigation Experience Toolkit (EMET) is a free utility that helps prevent memory corruption vulnerabilities in software from being successfully exploited for code execution. Improvements in v4 are designed to enable EMET to be an effective mitigation layer for a wider variety of potential software exploit scenarios, to provide stronger protections against scenarios where EMET protection already exists, and to provide a way to respond to 0 day exploits as soon as possible.

Security Guidance

Security Tip of the Month: The Security Response Readiness Assessment
Learn how to use Microsoft’s free Security Response Readiness Assessment tool to help you evaluate the effectiveness of your software security response processes and identify areas for improvement.

Microsoft Security Development Lifecycle (SDL) Process Guidance – Version 5.2
In order to provide transparency on its internal software security development process, Microsoft makes its SDL process guidance available to the public. The Microsoft SDL guidance illustrates the way Microsoft applies the SDL to its products and technologies, including security and privacy requirements and recommendations for secure software development at Microsoft. It addresses Waterfall and Spiral development, Agile development, web applications, and line of business applications—and is available both as online guidance in the MSDN Library and as a download.

Simplified Implementation of the Microsoft SDL
Not familiar with the Microsoft SDL? Read this overview of the core concepts of the SDL process and the individual security activities that should be performed. You can also review this helpful list of frequently asked questions.

Microsoft SDL Tools Overview
Quickly learn why development teams should download the SDL Implementation guidance and see how the Microsoft SDL toolset is meant to work together to help a company implement all the phases of the Microsoft SDL from requirements to software release. Want to learn more about each tool? Visit the Microsoft SDL Tools page and click through the lifecycle to explore the tools associated with each phase.

The SDL Chronicles
The SDL Chronicles bring together the most compelling evidence of the positive benefits of adopting secure development processes. The document includes a report on the importance and value of strategic security development for several sectors of the U.S. economy as well as three case studies.

Microsoft SDL Forum
Looking for assistance or additional guidance for the Microsoft SDL process? Check out the Microsoft SDL Forum for answers to common (and not so common) questions, or post a question of your own. Microsoft Services and the SDL Pro Network also offer training, consulting, and tools services designed to help you adopt the SDL process and make security and privacy an integral part of your software development.

Cloud Security Corner

Security Considerations for Client and Cloud Applications
The increasing importance of "client and cloud" computing raises a number of important concerns about security. Understand how Microsoft addresses potential security vulnerabilities during the development of "client and cloud" applications using the SDL.

This Month’s Security Bulletins

Microsoft Security Bulletin Summary for April 2013
April 2013 Security Bulletin Resources:

Security Events and Training

Security Development Conference
May 14–15, 2013 – San Francisco, CA
Hear from leading security experts, grow your professional network, and learn how to implement or accelerate the adoption of secure development practices within your organization. This year’s conference is focused on "Proven Practices, Reduced Risk," and will feature an event keynote from Trustworthy Computing Corporate Vice President Scott Charney supported by tracks on Engineering for Secure Data, Security Development Lifecycle & Data Security, and Business Risk & Data Security. Seating is limited; register today to secure your spot.

TechNet Webcast: Information about the May 2013 Security Bulletin Release
Wednesday, May 15, 2013
Join this webcast for a brief overview of the technical details of May’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.

TechEd North America 2013
June 3-6, 2013 – New Orleans, LA
Learn how you can achieve your business goals while still protecting your assets and infrastructure. With the Architecture & Trustworthy Computing and Windows Client, Access & Management tracks at this year’s TechEd, you’ll learn how to provide consistent and secure user experiences for corporate- or employee-owned devices, while also helping to safeguard corporate data and resources through policy compliance and optimized application delivery. Learn how to leverage Microsoft identity and access management solutions for corporate boundary control and information protection, manage a user’s identity across the datacenter and the cloud, provide secure remote access, and define the resources they have access to, based on who they are, what they are accessing, and from what device.

Windows Intune: Manage and Secure Your PCs and Mobile Devices from the Cloud
Tuesday, June 11, 2013
Deploying patches and software updates while validating your environment’s security status is important, not only to protect this environment but also to ensure the devices are operating correctly. Learn how Windows Intune helps organizations keep their PCs and mobile devices well-managed and more secure from virtually anywhere with cloud-based management tools. Can’t make it on June 11th? Join the June 25th session instead.

TechNet Webcast: Information about the June 2013 Security Bulletin Release
Wednesday, June 12, 2013
Join this webcast for a brief overview of the technical details of June’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.

microsoft.com/about/twc | Trustworthy Computing

This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
© 2013 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Microsoft respects your privacy. To learn more please read our online Privacy Statement.
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052 USA