We are excited and proud to open source our software bill of materials (SBOM) generation tool. A key requirement of the Executive Order on Improving the Nation's Cybersecurity, SBOMs are lists of ingredients that make up software components, providing software transparency so organizations have insight into their supply chain dependencies.
Through automated profiling and data collection of performance behavior, Microsoft’s M365 Core team can derive the context with which to inform the engineer about the impact of their code, as they write it. Randy Lehner likens it to the autonomic nervous system in this post on their Cloud Profiling and Reporting Pipeline.
Flaky tests are a well-known problem across the industry and Microsoft is no exception. In this post, Suresh Thummalapenta walks us through the team's comprehensive flaky test management system that helps to infer, triage, and quarantine those tests.
In this post, Sina Jafari discusses key characteristics of the CloudTest infrastructure used at Microsoft and why similar characteristics should be considered in all large-scale test infrastructures to improve engineers’ productivity and help them ship high-quality software.
In this post, Adrian Diglio walks us through how Microsoft is planning to generate SBOMs not just to meet the U.S. Presidential Executive Order on Improving the Nation's Cybersecurity, but for all software that Microsoft produces.
In this post, Michael Fanning gives us a short history of standards (think Julius Caesar), how consensus on something very small can enable something very large, and how all of it relates to the design of the ‘Static Analysis Results Interchange Format’ (SARIF).
The faster we iterate on refining secure development practices, the faster our developers can address security pain points, and the better we protect our customers. In this post, Bryan Sullivan walks through key learnings from the 1ES Security team.