Hey Everyone, In my last post I mentioned that I would be blogging from www.buildingsecurecode.com after leaving Microsoft. It's up and ready to go right now! As my first post, I thought I would write about Programmatically Displaying the Windows...

Friends, After almost 5 years at Microsoft, I've decided to move on and realize my dreams of starting a business (check out www.impactalabs.com in the coming months). I've had the pleasure of working with some of the smartest people in the industry...

If you've never met or heard Mohammad Akif here's your chance! He's one of our evangelists in Toronto (my home-town!), Canada. Mohammad talks to InfoQ about service oriented-architectures (SOA) and the Security Development Lifecycle , check him out http...

Update: The FAQ is now up as of today to help answer any initial questions you might have. Check it out on the main landing page for the librarry at http://msdn2.microsoft.com/en-us/security/aa973814.aspx . Update: We'll be posting a Web-facing FAQ...

Today we released a preview copy to a select list of people and awaiting to get feedback. Very soon folks, very soon! I also spent last night and into the morning putting together a tutorial so watch out for the release of that! Thanks, -- ...

Dan Sellers posted my rant on code scanning tools on his Security for Canadian Developers Blog : --- START --- Information managers, developers and testers commonly make the mistake of seeing code scanning tools as replacement for security QA processes...

If you missed the presentation Dan Sellers , Deepak Manohar and I gave to 230+ Canadian security folks on 09/27/06 check out the following links: http://msdn.microsoft.com/canada/securitylockdown/ Also Dan posted an entire presentation recap at...

Just read this off of Slashdot -- I am a big, nay huge, fan of using biological models to solve problems in other spaces. Check out this interesting paper on using immune system behavior to detect spam:. Check it out: http://terri.zone12.com/doc/academic...

Just wanted to give an update and the new implementation of the Anti-Cross Site Scripting Library V1.5 is done. I re-wrote the entire library to be much more performant than the previous implementations as well as added more encoding methods for various...

If you're a fan of the old Phrack , you'll definitely enjoy Uninformed . -- Kevin Lam, CISSP Senior Security Technologist Microsoft Application Consulting & Engineering (ACE) Team

Every now and then this company completely surprises me! It's absolutely fantastic that Microsoft is publishing research like this! If you're interested in computer viruses, check out this oldie (but goodie) white paper by Adrian Stepan here . -- ...

If you like operating systems like me, no doubt you've recently tried to install Ubuntu 6.06 and have run into some installation problems with Virtual PC 2004 SP1 related to display issues. Try this trick: Move the selection to "Install In Safe...

Check out Stephen Toulouse's blog entry here . Enjoy, Kevin -- Kevin Lam, CISSP Senior Security Technologist Microsoft Application Consulting & Engineering (ACE) Team

Michael Howard's blog entry on randomization of address space layout: http://blogs.msdn.com/michael_howard/archive/2006/05/26/608315.aspx I personally haven't seen the internals (implementation) yet, but it should be interesting on how well it affects...

If you haven't already done so, check out my team's Release Candidate 1 (RC1) of the Threat Analysis & Modeling V2.0 tool here . Kudos to the TAM development team, great work guys! Thanks, -- Kevin Lam, CISSP Senior Security Technologist...

Several people have asked me when the next version of the Microsoft Anti-Cross Site Scripting (XSS) Library (version 1.5) would be released. There were some delays, and so it should be around the end of June, no guarantees though -- by the way, thanks...