The National Security Agency (NSA) worked with Microsoft on the development of Windows 7, an agency official acknowledged yesterday during testimony before Congress.
“Working in partnership with Microsoft and elements of the Department of Defense, NSA leveraged our unique expertise and operational knowledge of system threats and vulnerabilities to enhance Microsoft’s operating system security guide without constraining the user to perform their everyday tasks, whether those tasks are being performed in the public or private sector,” Richard Schaeffer, the NSA's information assurance director, told the Senate’s Subcommittee on Terrorism and Homeland Security yesterday as part of a prepared statement.
“All this was done in coordination with the product release, not months or years later during the product lifecycle,” Schaeffer added. “This will improve the adoption of security advice, as it can be implemented during installation and then later managed through the emerging SCAP standards.”
Security Content Automation Protocol, or SCAP, is a set of standards for automating chores such as managing vulnerabilities and measuring security compliance. The National Institute of Standards and Technologies (NIST) oversees the SCAP standards.
This is not the first time that the NSA has partnered with Microsoft during Windows development. In 2007, the agency confirmed that it had a hand in Windows Vista as part of an initiative to ensure that the operating system was secure from attack and would work with other government software. Before that, the NSA provided guidance on how best to secure Windows XP and Windows 2000. …