RSA Europe: Microsoft discusses securing applications

It may come as a surprise to some of you, but Microsoft claims to have a very sophisticated system for making sure its products are as secure as they can be before they ship.

Speaking at the RSA Conference Europe event in London's Docklands, Ben Fathi, corporate vice president of development, Windows, Microsoft, said, "The single biggest thing that has changed at Microsoft is the security development lifecycle – how to develop secure software – every single product goes through this cycle."

The cycle is made up of the following stages: requirements, design, implementation, verification, release and response.

The first stage involves security program managers who examine how a product or feature can be attacked. Does it have APIs that are public? Does it have web services? What are the ways a hacker could use those interfaces?

Microsoft also uses white hat hackers to try to break into the products, so that bugs are found and fixed before the products are released.

Fathi adds: "Last year 300 products that went through this cycle, they go through this process multiple times and if they do not pass then they don't ship. Three products were not released which affected the release cycle but was the right thing to do for our customers."