Pushing Left, Like a Boss — Part 10: Special AppSec Activities and Situations
This article is part of a series, and the previous article was Pushing Left, Like a Boss — Part 9: An AppSec Program.
Special Situations
Not all application security programs are the same, and not all security needs are equal. As many of you know, I am leaving Microsoft this week, and I’m going to talk about them a bit in this article because they are probably the best example on the planet of special security requirements and situations.
Think about this: Not only does Microsoft make the most popular consumer operating system on the planet (Windows), they also make the second most popular cloud (Azure), the most popular programming IDE (Visual Studio Code), one of the most popular programming languages/frameworks (.Net), the most popular office suite (Microsoft Office), and so, so much more. It wasn’t until I worked there that I realized *just how many things depend on Microsoft*. It’s staggering. I tried to threat model the idea of Microsoft going out of business (I’m a blast at team meetings) and I think the world would not be able to recover, because their systems are used to support so many other systems on this planet that are critical. We would literally shut down.
