Secure by Design

The goal of “secure by design” is to reduce the number of security bugs or vulnerabilities that ship in new Microsoft software and to make software smarter about security so that features can be secure by default and deployment.

To accomplish this, security must be part of all phases of product design, from creating the specification through writing the code and testing the product. Designing software for security is similar to designing products for multiple languages-that is, if either security or international support is not designed into the product at an early stage, costs for adding them later are much higher.

The two requirements for security by design are good product design and high-quality implementation. Good design requires attention to the security implications of every feature. For example, the product specification must define which features are so critical to security that administrator privileges are required to run or modify them. Good implementation requires strict adherence to the design (code that follows the specification) and good coding techniques (with no weaknesses or shortcuts that can be exploited by attackers). For example, prior to the Trustworthy Computing initiative Microsoft SQL Server did not require administrators to set a password (the password could merely leave the password blank). But a secure design would require the administrator to set a strong (hard to compromise or guess) password.