LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Explain Microsoft's vulnerability mitigation strategy and its four tactics.

Four layered tactics in priority order — Eliminate, Break, Contain, Limit — because each layer assumes the previous one will eventually fail.

The goal: "make vulnerabilities difficult and costly to find, exploit, and leverage."

Four tactics (in priority order):

Priority Tactic Examples
1st Eliminate vulnerabilities SAST/DAST, code review, memory-safe languages
2nd Break exploitation ASLR, Same-Origin Policy, Secure/HttpOnly cookies
3rd Contain damage App containers, virtualization, sandboxing, least privilege
4th Limit time window Mature detection & response, rapid patching

Why all four matter (defense in depth):

  • You can't eliminate all bugs (tactic 1 fails)
  • Some exploits bypass protections (tactic 2 fails)
  • Sandboxes can be escaped (tactic 3 fails)
  • Detection isn't instant (tactic 4 buys time)

Mnemonic: "EBCL" = "Every Bug Creates Liability" — Eliminate → Break → Contain → Limit

From Quiz: SPRG / Secure Programming Introduction | Updated: Jul 14, 2026