Blogger :
steve maines blog
Category :
WSCF/WCF
Blogged date : 2005 May 12
I’m getting a great introduction to the security culture at Microsoft.
One of the Indigo components that I have PM responsibilities for is a long-running
service (of the NT variety) that listens on the network. Because it’s basically
the front door of Indigo, we’re spending a lot of time making sure our threat
models and mitigations stay up-to-date as the product evolves in its lifecycle.
We have lots of threat models and mitigations in place to make sure that our component
doesn’t get hacked. But even so, a lot of our threats start with “assume
that the Listener gets hacked…”
Why do we do this? Defense in depth. We want to make sure that even if our component
gets compromised, there’s nothing that a hacker could do with that achievement.
Saying “we think we’ve found all the threats” isn’t
nearly as good as saying “we think we’ve found all the threats —
and even if we missed one, there’s nothing a hacker could gain by compromising
our component.”