At the Black Hat Conference taking place in Washington, D.C., Microsoft said it will deepen ties between its Visual Studio development tools and the secure applications development processes first developed inside the company and now available to outsiders. Read the full story…

As part of its commitment to a more secure and trustworthy computing ecosystem, Microsoft releases the SDL process guidance 4.1a. IT policy makers and software development organizations can leverage this content to enhance and inform their own software security and privacy assurance programs. The Microsoft...

Microsoft released a "white paper" on the issue in conjunction with an International Conference of Data Protection and Privacy in Madrid. "We want to take the initiative in regard to our position on privacy in the cloud," Microsoft senior director of privacy strategy Brendon Lynch...

Microsoft's federated identity platform passed its first SAML 2.0 interoperability test with favorable marks, signaling the end to the vendor's standoff against the protocol. Read full story…

The BinScope Binary Analyzer is a Microsoft verification tool that analyzes binaries to ensure that they have been built in compliance with Microsoft’s Security Development Lifecycle (SDL) requirements and recommendations.  BinScope checks that SDL-required compiler/linker flags are being set, strong...

MiniFuzz is a basic testing tool designed to help detect code flaws that may expose security vulnerabilities in file-handling code. This tool creates multiple random variations of file content and feeds it to the application to exercise the code in an attempt to expose unexpected application behaviors...

The software titan reviewed its security approach to cloud computing and developed new strategies. Here's what one Microsoft cloud expert says he's learned. Discuss risk with customers. The security of cloud services worries many customers, and it should. Pay attention to compliance. Larger enterprise...

NSS Labs performs recurring, standardized testing of web browser security. This includes rating protection against socially engineered malware and phishing attacks. The results are based upon empirically validated evidence gathered by NSS Labs during continuous 24x7 testing against fresh, live malicious...

CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection. The tool can function as a plug-in for Visual Studio 2005/2008, FxCop custom...

As part of its commitment to a more secure and trustworthy computing ecosystem, Microsoft releases the SDL process guidance v4.1. IT policy makers and software development organizations can leverage this content to enhance and inform their own software security and privacy assurance programs. Get the...

This tool allows non-security subject matter experts (SMEs) to enter already known information, including business requirements and application architecture which can then produce a feature-rich threat model. Get the tool…

The Microsoft Enterprise Library is a collection of application blocks designed to assist developers with common enterprise development challenges. Application blocks are a type of guidance, provided as source code that can be used "as is," extended, or modified by developers to use on enterprise development...

FxCop is an application that analyzes managed code assemblies (code that targets the .NET Framework common language runtime) and reports information about the assemblies, such as possible design, localization, performance, and security improvements . FxCop is intended for class library developers. However...