The Microsoft Security Response Center (MSRC) uses Microsoft's worldwide Software Security Incident Response Process (SSIRP) to understand security incidents quickly, and then investigate, analyze, and resolve those incidents. Security incidents are situations that arise when malicious users exploit vulnerabilities. The MSRC provides customers with the necessary information, guidance, mitigation steps, and tools to react appropriately.
Software Security Incident Response Process (SSIRP)
The SSIRP is defined by four phases:
Watch | Alert and Mobilize Resources | Assess and Stabilize | Resolve |
---|---|---|---|
MSRC and its partners are always on the alert for threats. | When a threat is identified, first responders are paged and mobilized into two teams of engineers and communications professionals. | The engineering team investigates and develops the solution, while the communications team reaches out to provide guidance to customers and partners. | MSRC provides tools and solutions, and the Watch phase resumes. |
When a security incident threatens customers—whether it is an attack on the entire Internet or is more restricted in scope—the MSRC quickly mobilizes teams internal and external to Microsoft and around the world. The MSRC and its partners have regular drills to ensure the process runs efficiently.
SSIRP participants include Microsoft product groups—such as the Windows, Internet Explorer, SQL Server, and Microsoft Office teams—in addition to external partners and organizations like GIAIS (a consortium of Internet Service Providers), VIA (Virus Information Alliance), and MVI (Macro Virus Initiative), a forum designed to share information and improve responses to virus outbreaks.