Microsoft reveals updates for its Secure Future Initiative, including more use of CodeQL

In November 2023, Microsoft first announced the Secure Future Initiative (SFI), a plan to improve the company's cybersecurity efforts to keep its systems safe from hackers. Today, Microsoft announced an update on its SFI efforts, which include the expanded use of its CodeQL code analysis engine. CodeQL creates a database of the code, which makes analyzing vulnerable code easier.

In a blog post, Microsoft said that CodeQL will eventually be used to analyze 100 percent of its commercial products. It's already being used to analyze 86 percent of its Azure DevOps code repositories. The company also says that it was used to check more than one billion lines of source code in 2023.

However, Microsoft does admit that covering the final 14 percent of its code, which CodeQL does not currently analyze, "will be a complex, multi-year journey due to specific code repositories and engineering tools requiring additional work."

The company also said it has expanded the use of its Microsoft Authentication Library (MSAL) for Microsoft 365 on Windows, macOS, iOS, and Android. It added:

This integration ensures that Office applications are underpinned by a unified authentication mechanism. In the Azure ecosystem, encompassing critical tools such as Visual Studio, Azure SDK, and Azure CLI, MSAL has been fully adopted, underscoring our commitment to secure and streamlined authentication processes within our development tools.

Microsoft says that by the end of 2024, it plans to "fully automate the management of Microsoft Entra ID and Microsoft Account (MSA) keys." That will include storing those keys with Hardware Security Modules (HSMs) for extra protection.

Microsoft also announced it has made a $1 million donation to the Rust Foundation. Launched in 2021, the non-profit group helps to maintain and develop the popular programming language. In addition, it will make a $3.2 million donation to the Alpha-Omega project, which was formed, along with Google, to help make open source software projects more secure.
