Microsoft security specialist urges 'assume breach' approach in secure-coding briefing to ETS

Enterprise Technology Services (ETS), Office of · October 28, 2024
AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video.

Summary

Rich Antonow of Microsoft briefed Enterprise Technology Services staff on secure-coding practices, zero-trust design, secrets management and the practical limits and uses of generative AI, urging developers to "assume breach," validate inputs and avoid hard-coded credentials.

Rich Antonow, a Microsoft security and identity technical specialist, told Enterprise Technology Services staff that developers must write code with the expectation that networks and systems may already be compromised. "Assume breach," Antonow said, identifying that mindset as the core zero-trust principle developers should use when deciding authentication, authorization and data-storage practices.

Antonow framed secure coding as an environmental problem, not only a matter of individual functions. He listed three foundational developer responsibilities from zero-trust doctrine: "assume breach," "verify explicitly" and implement "least-privileged access." He argued that code should avoid elevated test accounts and that applications must rely on proper identity providers for authentication while performing their own validation…
