December, 2007

About David LeBlanc's Web Log

This blog is about whatever security topics come to mind, and may occasionally wander off into other areas, like arcane C++ tricks. I'll primarily cover techniques to achieve more secure code, how to use some of the more interesting facets of the Windows operating system, and sometimes my thoughts about the general state of Internet security.

  • David LeBlanc's Web Log

    Securing Existing Code

    • 4 Comments
    Just read Michael Howard's post about differentiating secure features, security features and security response, found at http://blogs.msdn.com/sdl/archive/2007/12/17/security-is-not-all-about-security-updates.aspx , and wanted to offer some counterpoints...
  • David LeBlanc's Web Log

    How to cause a regression

    • 2 Comments
    This one isn't really security related, except that we security people often want to get rid of old stuff because it's sometimes easier to disable it than to make it really robust. If only a few people use it, good attack surface reduction practices tell...
  • David LeBlanc's Web Log

    Implementation vs. Design Defects

    • 1 Comment
    I got a comment to my last post that's worth following up on: Can you comment on what percentage of defects you all are finding are implementation vs. design defects? It's pretty clear that older code that doesn't have buffer overflows isn't going...