David Weston Talks Enterprise Software Security


Enterprise software security requires an understanding of a full set of security disciplines, from cloud security to DevSecOps to software composition analysis and software supply chain security.

One person with the best vantage point to understand the key trends and topics in enterprise security is David Weston, Vice President of Enterprise Security at Microsoft. David is also a member of the Technical Advisory Committee (TAC), whose mission is to provide suggestions based on multidimensional expertise and advise CISA on how best to focus its resources.

Protecting Against Enterprise Security Attacks

In a recent podcast episode hosted by RunSafe Security’s CEO, Joe Saunders, David provides insights into the issues of the day facing enterprises.

During the interview, David discussed some of the greatest security threats that enterprise customers currently face. First, there is a significant increase in ransomware, from human-operated intrusions to commodity malware to phishing and more. Attackers are also targeting more than one platform, from servers to clients to mobile to infrastructure and beyond. He advised customers to establish a holistic view and a security baseline across all attack vectors.

David discussed Microsoft’s focus on upstreaming protection and prevention. On the builder side, Microsoft is working on changing the default security posture of its operating system products, which is both a security and an engineering challenge because performance and compatibility must be preserved. On the breaker side, Microsoft is investing in scale and experimenting with memory-safe languages, like Rust, and safer constructs of C. He discussed Microsoft’s ‘defense in depth’ mindset, which is pervasive throughout all of its products. This involves validating third-party hardware, designing custom hardware, specialized security for cloud attack surfaces, and bug bounties directed at Azure.

When discussing the industry changes that have occurred over the course of his career, David shared that earlier on there was little knowledge of how to convert the intelligence from red team or penetration testing into sustained product improvement, and that the current green team is much more developed and mature.

Identify Software Supply Chain Vulnerabilities with RunSafe

At RunSafe Security, we help organizations understand and remediate the risk across their software supply chain, including:

– Generating a software bill of materials (SBOM) so you know exactly what is going into your deployed software
– Identifying vulnerabilities across all the components in your SBOM
– Delivering to developers merge requests in their CI tools so that they can approve security protections just as they would any other software update
– Updating open source packages with protections from the most common and devastating forms of attacks targeting software memory vulnerabilities

Please visit our product page for more details.
