Updated: July 10, 2020 (March 1, 2004)
Analyst Report
Secure by Design
The goal of “secure by design” is to reduce the number of security bugs or vulnerabilities that ship in new Microsoft software and to make software smarter about security so that features can be secure by default and in deployment.
To accomplish this, security must be part of all phases of product design, from creating the specification through writing the code and testing the product. Designing software for security is similar to designing products for multiple languages; that is, if either security or international support is not designed into the product at an early stage, costs for adding them later are much higher.
The two requirements for security by design are good product design and high-quality implementation. Good design requires attention to the security implications of every feature. For example, the product specification must define which features are so critical to security that administrator privileges are required to run or modify them. Good implementation requires strict adherence to the design (code that follows the specification) and good coding techniques (with no weaknesses or shortcuts that can be exploited by attackers). For example, prior to the Trustworthy Computing initiative, Microsoft SQL Server did not require administrators to set a password (the administrator could merely leave the password blank). But a secure design would require the administrator to set a strong (hard to compromise or guess) password.