We're into the last week of our Security Push effort for Visual Studio Team System. We've reviewed lots of code, found a few bugs (thankfully, only a few scary bugs), verified our capabilities while operating in a hardened environment, and are wrapping up our penetration tests. It's been a different experience, and a fun one.
Given that we took a little bitty break to see Star Wars last week, I can even call it an exciting and even magical event (Vader's "sorceror's" ways and all that).
What did I learn?
Overall, I think the Security Push has been a big success. We got as much or more done than I'd originally hoped (scheduled-tasks-wise), I've seen a turnaround where people are thinking about security now, who previously seemed to almost blow it off. I see tests run (and bugs found), as a result. We're going to ask you to trust your data within Team System's virtual walls soon, and I feel better than ever that those defenses will hold.