updated suggestions

This commit is contained in:
Beth Levin
2019-03-22 16:06:40 -07:00
parent eed7207e9a
commit e9afffc292

@ -48,15 +48,15 @@ To learn more about supply chain attacks, read this blog post called [attack inc
### For software vendors and developers
* Take steps to ensure your apps are not compromised.
* Maintain a secure and up-to-date infrastructure. Restrict access to critical build systems.
* Maintain a highly secure build and update infrastructure.
* Immediately apply security patches for OS and software.
* Implement mandatory integrity controls to ensure only trusted tools run.
* Require multi-factor authentication for admins.
* Build secure software update processes as part of the software development lifecycle.
* Build secure software updaters as part of the software development lifecycle.
* Require SSL for update channels and implement certificate pinning.
* Sign everything, including configuration files, scripts, XML files, and packages.
* Check for digital signatures, and dont let the software updater accept generic input and commands.
* Develop an incident response process for supply chain attacks.
* Disclose supply chain incidents and notify customers with accurate and timely information
For more general tips on protecting your systems and devices, see [prevent malware infection](prevent-malware-infection.md).
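Review bot: The bullet "Check for digital signatures, and dont let the software updater accept generic input and commands." has a typo ("dont" should be "don't"), and the last bullet, "Disclose supply chain incidents and notify customers with accurate and timely information", is missing its terminating period, unlike every other item in the list. Two smaller points in the same hunk: "Require SSL for update channels and implement certificate pinning." would be more accurate as "Require TLS for update channels ...", since all SSL protocol versions are deprecated and TLS is what update channels should actually use; and the list should be followed by a blank line before "For more general tips on protecting your systems and devices, ..." so the closing sentence renders as its own paragraph rather than running into the last bullet in Markdown.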