Microsoft expands its ‘built-in security’ with new Secure Future Initiative

Big updates to the Secure Future Initiative

Published on March 7, 2024

In the wake of several highly publicized security breaches, Microsoft’s CVP and chief cybersecurity advisor announces expanded security efforts to safeguard the company’s software development process.

Microsoft’s Bret Arsenault announced a renewed commitment to software security for the company that incorporates a new Secure Future Initiative (SFI).

SFI was originally announced by Microsoft vice chair and President Brad Smith in November 2023 under three tenets of advancing engineering development: transforming software development, implementing new identity protections, and driving faster vulnerability responses.

Fast forward to earlier this week and Arsenault is adding to that initiative with additional details and updates to SFI.

Evolving development lifecycles

Since announcing SFI, Microsoft has quickly evolved its previous security development lifecycle (SDL) into a more flexible continuous SDL that brings CodeQL support to 100 percent of its commercial products.

Microsoft also broadened its adoption of memory-safe languages, donated to the Rust Foundation to help advance the Rust programming language, invested $3.2M in the Alpha-Omega project, and partnered tangentially with Google, Amazon, and Alpha-Omega on the Open Source Security Foundation (OpenSSF). Through this strategic support initiative, Microsoft predicts it will hasten its ability to cover, analyze and deploy more open-source projects in the near future.

Fending off identity attacks with tighter protections

Microsoft has also improved its SFI efforts by enforcing the use of standard identity libraries, including Microsoft’s own Authentication Library (MSAL).

Eventually, Microsoft would like to automate more of its security infrastructure, and by the end of the year it predicts it will be able to fully automate the management process through Microsoft Entra ID and Microsoft Account (MSA) keys by standardizing the identity libraries used in the company’s most used apps.

Transparency into future security efforts

While it might feel counterintuitive to be transparent about security efforts that aim to undercut evolving threats, Microsoft “remains unwavering in its commitment to continuously evolve our security posture and provide transparency in our communications.”

Without giving any solid dates or times, Microsoft says that in the ‘coming months’ it will share further progress on its SFI efforts to strengthen security around its software development process.

Kareem Anderson

Networking & Security Specialist

Kareem is a journalist from the Bay Area, now living in Florida. His passion for technology and content creation is unmatched, driving him to create well-researched articles and incredible YouTube videos.

He is always on the lookout for everything new about Microsoft, focusing on making easy-to-understand content and breaking down complex topics related to networking, Azure, cloud computing, and security.
