Microsoft holds conference to discuss cyber security developments
SUBNET Solutions Inc | Monday, May 21, 2012
Microsoft recently held its first Security Development Conference in Washington, D.C., where the company discussed the latest advancements in computer security in various industries, and spoke in depth about the company's Security Development Lifecycle (SDL).
According to eWeek, the conference attracted leaders in software engineering, process and business management from all over the country, all of whom had responsibilities that included introducing or improving secure development practices within their companies. The event featured several keynote speakers, including Scott Carney, corporate vice president for Trustworthy Computing at Microsoft and many other industry leaders.
Steve Lipner, partner director of program management for Trustworthy Computing at Microsoft, wrote about the conference in a recent blog post.
"To see more and more private and public organizations recognize the value and importance of implementing secure development practices makes me cautiously optimistic that in the future software will be more secure than the software we've seen in the past," he wrote. "I remember when in 1997 I attended the RSA Security Conference held in the basement of the Mark Hopkins Hotel in San Francisco with a few hundred attendees. Today, the annual RSA Conference is a major industry event with more than 10,000 attendees."
According to the media outlet, recent research done by Microsoft has found that the exploitability of vulnerabilities in Microsoft products has fallen by more than 30 percent in the last 18 months, compared to previous versions of software that existed prior to that period.
Another study, conducted by the Aberdeen Group, found that the costs of mitigating a security related incident can be up to $300,000, and organizations that have used Microsoft's SDL service saw a return four times higher than initial investments in cyber security.
Utilities operating in the smart grid may have the most at stake when it comes to cyber security, as vulnerabilities can lead to breaches that could compromise critical U.S. infrastructure. Such an attack could lead to outages or information leaks that have the power to cripple the U.S. electric system.
To prevent such an event, the North American Electric Reliability Corporation (NERC) has developed stringent rules that if broken, come with hefty fines. SUBNET works with utilities as they integrate substation automation and other smart grid technologies into their infrastructure to ensure compliance with NERC CIP regulations.
Substation Cyber Security