The "most secure" Windows to date

May 28, 2007 10:59 GMT  ·  By

Microsoft has hailed Vista as the most secure Windows platform to date. Security advancements have long been a recurring theme of every fresh Windows release, and Vista is no exception to this rule. However, James A. Whittaker, Security Architect at Microsoft, argues that assessing the quality of a product before its release is impossible.

"'You can't test quality in.' It's a truism coined long ago and an accepted fact of software development," Whittaker explained. This is not to say that Windows Vista is not the most secure operating system to come out of Redmond; that standing is the merit of the Security Development Lifecycle (SDL). While the overall quality of Vista will only be proven in real-life scenarios, the platform has been tested extensively, and Whittaker offered an insight into the inner workings of the SDL.

"Yet, for security, testing is arguably the most talked about aspect of the Security Development Lifecycle (SDL). When we get security wrong, the first criticism we almost always hear is, 'Didn't you guys test this thing?' It is no great stretch to say that many of the most famous industry security folks made their reputation by finding vulnerabilities (through, no doubt, testing). You simply can't avoid the subject of testing when you talk about security, and you can't be sure you're secure without testing," Whittaker said.

Windows Vista is the first Microsoft platform to be a complete Security Development Lifecycle product. Because testing recurs in every stage of the SDL, it was carried out in every phase of the operating system's development rather than only at the end.

"Testers are involved in architecture review, security design reviews, threat modeling, code reviews and many other things that happen both before and after the actual testing phase. In each of these instances, testers bring a valuable how-I-would-break-this slant to these endeavors. This contribution has been valuable enough to spawn a big push around the company to move testing activity to earlier phases of the lifecycle and, though some might not agree, I think the practice of threat modeling can be ascribed to this movement. The idea of thinking through threats and understanding attack vectors has been our focus in security testing for years, and threat modeling represents the extraction of this process as its own standalone entity," Whittaker revealed.

The end purpose of the SDL is to train engineers to write code with exploits in mind. Windows Vista code was authored under the constant pressure of "attack scenarios, threats and test cases." Designing, building and writing Windows Vista code under the SDL umbrella is a process aimed at delivering security that has been tested, not merely asserted.