Olivier failcon
Le téléchargement de votre SlideShare est en cours.
×
Consultez-les par la suite
Suggestions
Plus De Contenu Connexe
Les utilisateurs ont également aimé (8)
Similaire à Security & Scaling at Microsoft (20)
Plus par Cass Phillipps (11)
Plus récents (20)
Security & Scaling at Microsoft
- 1. Security & Software Disasters & changing perception Eric Mittelette & Stanislas Quastana | Microsoft
- 2. Do you remember those dark days ? May 4th 2000 July 13th 2001 September 28th 2001 January 25th 2003 August 13th 2003
- 3. As Microsoft employees we do
- 4. 15 minutes before SQL Slammer infection
- 5. SQL Slammer (aka Sapphire) infection
- 6. Blaster (aka LOVE YOU SAN)
- 7. Why we fail ?
- 8. Reason 1 : features, features, features….
- 9. Reason 2 : Security was not in Developer’s DNA
- 10. Reason 3 : Everything was installed and started by default Ex: IIS Web Server
- 11. Which response ?
- 12. “Computing is already an important part of many people’s lives. Within ten years, it will be an integral and indispensable part of almost everything we do. Microsoft and the computer industry will only succeed in that world if CIOs, consumers and everyone else sees that Microsoft has created a platform for Trustworthy Computing”
- 13. “We have done a great job of having teams work around the clock to deliver security fixes for any problems that arise. Our responsiveness has been unmatched – but as an industry leader we can and must do better”
- 14. “Flaws in a single Microsoft product, service or policy not only affect the quality of our platform and services overall, but also our customers’ view of us as a company”
- 15. “So now, when we face a choice between adding features and resolving security issues, we need to choose security”
- 16. So what we did ?
- 17. Stop all development The 1st time in our history
- 18. Every Microsoft developer : back to school !!! Mandatory annual security training
- 19. « One book to protect them all »
- 20. Dear developers Few security bugs in your code = more money in your pocket
- 21. SDLC is the Microsoft security audit & expertise substance published as a methodology
- 22. Security Team created
- 23. Final Security Review mandatory
- 24. Did it work ? First results
- 25. Helping IT customers in their job
- 26. As you see, we did a lot of things But…
- 27. “Security is a journey, not a destination”
- 28. 10 years later Is it better ?
- 29. “Security is a journey, not a destination”
- 30. Sometimes it’s better to be the first…
- 31. Security is an industry problem not a single company issue
- 32. Really ?
- 33. same feature but 10 years later
- 34. “Security is a journey, not a destination”
- 35. “Security is a journey, not a destination”
- 36. Thanks you @EricMitt & @SQuastana
