
This document is a great education in how a large company like Microsoft deals with identifying and addressing vulnerabilities that are found in their software.

They readily admit that vulnerabilities are going to occur. How a company triages and addresses them is what makes the big difference between one company and another.

Vulnerabilities are weaknesses in software that enable an attacker to compromise the integrity, availability, or confidentiality of that software. Microsoft uses a defined process to investigate vulnerabilities in the software it produces and to release security updates that address them. In this paper you’ll learn about this process and how Microsoft uses a multipronged approach to help its customers manage their risks.

This approach includes three key elements:

(1) High-quality security updates – using world-class engineering practices to produce high-quality security updates that can be confidently deployed to over a billion diverse systems in the PC ecosystem and help customers minimize disruptions to their businesses;

(2) Community-based defense – Microsoft partners with many other parties when investigating potential vulnerabilities in Microsoft software. Microsoft looks to mitigate exploitation of vulnerabilities through the collaborative strength of the industry and through partners, public organizations, customers, and security researchers. This approach helps to minimize potential disruptions to Microsoft’s customers’ businesses;

(3) Comprehensive security response process – employing a comprehensive security response process that helps Microsoft effectively manage security incidents while providing the predictability and transparency that customers need in order to minimize disruptions to their businesses.

The document is available in both PDF and XPS formats.

Download the Software Vulnerability Management at Microsoft Presentation

So did you learn anything through this presentation that you did not know or realize?