Microsoft Shares Security Updates Engineering Process Details


Microsoft provides support for business and developer products for 10 years after product release, and consumer, hardware, and multimedia products for five years after product release.

"Accomplishing such an engineering feat requires extensive testing that can involve numerous product versions in many languages, as well as their service packs. To illustrate this complexity, the figure below shows a test matrix for a single security update for the Windows operating system," stated Tim Rains.

[Figure: Windows test matrices]

This single update requires more than 500 different product tests for different versions of Windows. Factor in common Microsoft and 3rd-party apps, and the test matrix expands dramatically.

Microsoft typically includes up to 3,000 of the most commonly deployed apps in these test matrices to help minimize disruption to customers.

Have you ever wondered why the baking time for certain updates from the Redmond company is longer than others? Have you ever had questions related to the testing that goes on at Microsoft, or about the quality standards for security updates?

Well, you can now head over to the Vulnerability Management page on MSRC in order to get answers related to how Microsoft protects users of its software.

Also, a video series is now available to customers who want to get an idea of the Microsoft processes that lead to the creation of software updates.

Here are the videos:

  • Microsoft approach to managing software vulnerabilities.

  • How Microsoft produces quality security updates for over a billion systems.

  • Extensive application testing processes used to produce security updates.
