The annual Security issue of MSDN is out, and you should find a copy in your local book or magazine store. Or, if you like, you can read the issue online at


I wrote an article in this issue outlining a method to reduce attack surface, you can read it here I really believe attack surface reduction is just as important as security education, code reviews, threat models, coding best practice, better libraries, defensive methods (firewall, /GS, NX etc) security testing, fuzz testing and so on.

Why do I think it's so important? Read the article and find out :)


Finally, you can look at back issues of the MSDN Security issues here:


2003 -

2002 -