{"id":88324,"date":"2019-02-04T09:00:12","date_gmt":"2019-02-04T17:00:12","guid":{"rendered":"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/?p=88324"},"modified":"2023-05-15T22:58:17","modified_gmt":"2023-05-16T05:58:17","slug":"announcing-the-new-security-engineering-website","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/","title":{"rendered":"Announcing the new Security Engineering website"},"content":{"rendered":"

\"\"<\/a><\/p>\n

To meet users\u2019 expectations for security when using a product or cloud service, security must be an integral part of all aspects of the lifecycle. We all know this, and yet time has proven that this is far easier said than done because there is no single approach nor silver bullet that works in every situation. However, Microsoft\u2019s long commitment to security has demonstrated that there are a number of security practices that have survived the passage of time, and when applied flexibly in harmony with many approaches, will improve the security of products or cloud services.<\/p>\n

We are sharing the results of our experiences through our new Security Engineering<\/a> website, which includes updated Microsoft Security Development Lifecycle (SDL) practices that focus on development teams and what we believe to be the basic minimum steps for addressing security concerns when using open source. Additionally, we\u2019ve included more specific Operational Security Assurance (OSA) practices, aligned with the operational lifecycle of cloud services, and we touch on how these can be brought together to deliver Secure DevOps.<\/p>\n

There are four main sections to the new site:<\/p>\n

Security Development Lifecycle (SDL)<\/h2>\n

The new The Security Development Lifecycle (SDL)<\/a> site offers updated practices<\/a> that should be used during the development process, to build more secure software by reducing the number and severity of vulnerabilities accidentally introduced into software. The practices cover a broad range of topics, from training<\/a> and threat modeling<\/a>, to managing the security risk of using third-party components<\/a>, and security testing<\/a>.<\/p>\n

Operational Security Assurance (OSA)<\/h2>\n

The Operational Security Assurance (OSA)<\/a> section outlines aligned practices<\/a> to apply during the operational lifecycle of cloud services, making them more resilient to attack from real and potential cybersecurity threats. These include elements such as using Multi-Factor Authentication (MFA)<\/a>, protecting secrets<\/a>, protecting against DDOS attacks<\/a>, and penetration testing<\/a>.<\/p>\n

Secure DevOps<\/h2>\n

The Secure DevOps<\/a> model provides a great foundation to improve security. SDL and OSA practices aligned with automation, monitoring, collaboration, and fast and early feedback provide a great opportunity to improve security. Practices outlined here include tooling and automation<\/a> and continuous learning and monitoring<\/a>.<\/p>\n

Open Source Security<\/h2>\n

The Open Source Security<\/a> section outlines the minimum steps necessary to begin to address security concerns when using open source components. Here the practices cover topics such as inventorying open source<\/a>, updating components<\/a>, and aligning security response processes<\/a>, and aligns with the SDL practice of managing the security risk of using third-party components.<\/p>\n

Throughout the site you will find useful references and resources to help. There are even consulting services offerings<\/a> if you need them. See our Security documentation<\/a>, where many of these resources can be found along with other useful security research papers, guides, and references. We hope you find the new Security Engineering site useful and encourage you to explore and share with your development and operations teams.<\/p>\n","protected":false},"excerpt":{"rendered":"

The new Security Engineering website includes security practices to help improve the security of products or cloud services.<\/p>\n","protected":false},"author":58,"featured_media":88579,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3662],"topic":[3684],"products":[],"threat-intelligence":[],"tags":[3822],"coauthors":[1979],"class_list":["post-88324","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","topic-security-operations","tag-microsoft-security-insights"],"yoast_head":"\nAnnouncing the new Security Engineering website | Microsoft Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Announcing the new Security Engineering website | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"The new Security Engineering website includes security practices to help improve the security of products or cloud services.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2019-02-04T17:00:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T05:58:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/02\/Security-Engineering-portal-card.png\" \/>\n\t<meta property=\"og:image:width\" content=\"677\" \/>\n\t<meta property=\"og:image:height\" content=\"420\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Tony Rice\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tony Rice\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/tony-rice\/\",\"@type\":\"Person\",\"@name\":\"Tony Rice\"}],\"headline\":\"Announcing the new Security Engineering website\",\"datePublished\":\"2019-02-04T17:00:12+00:00\",\"dateModified\":\"2023-05-16T05:58:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/\"},\"wordCount\":478,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/02\/Security-Engineering-portal-card.png\",\"keywords\":[\"Microsoft Security Insights\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/\",\"name\":\"Announcing the new Security Engineering website | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/02\/Security-Engineering-portal-card.png\",\"datePublished\":\"2019-02-04T17:00:12+00:00\",\"dateModified\":\"2023-05-16T05:58:17+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/02\/Security-Engineering-portal-card.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/02\/Security-Engineering-portal-card.png\",\"width\":677,\"height\":420,\"caption\":\"Security Engineering website\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Announcing the new Security Engineering website\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Announcing the new Security Engineering website | Microsoft Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/","og_locale":"en_US","og_type":"article","og_title":"Announcing the new Security Engineering website | Microsoft Security Blog","og_description":"The new Security Engineering website includes security practices to help improve the security of products or cloud services.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/","og_site_name":"Microsoft Security Blog","article_published_time":"2019-02-04T17:00:12+00:00","article_modified_time":"2023-05-16T05:58:17+00:00","og_image":[{"width":677,"height":420,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/02\/Security-Engineering-portal-card.png","type":"image\/png"}],"author":"Tony Rice","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Tony Rice","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/tony-rice\/","@type":"Person","@name":"Tony Rice"}],"headline":"Announcing the new Security Engineering website","datePublished":"2019-02-04T17:00:12+00:00","dateModified":"2023-05-16T05:58:17+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/"},"wordCount":478,"commentCount":0,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/02\/Security-Engineering-portal-card.png","keywords":["Microsoft Security Insights"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/","name":"Announcing the new Security Engineering website | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/02\/Security-Engineering-portal-card.png","datePublished":"2019-02-04T17:00:12+00:00","dateModified":"2023-05-16T05:58:17+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/02\/Security-Engineering-portal-card.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/02\/Security-Engineering-portal-card.png","width":677,"height":420,"caption":"Security Engineering website"},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/04\/announcing-the-new-security-engineering-website\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Announcing the new Security Engineering website"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/88324"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/58"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=88324"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/88324\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/88579"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=88324"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=88324"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=88324"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=88324"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=88324"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=88324"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=88324"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}