I like this class library because it looks for "good things" and not "bad things." T he most common method of mitigating XSS issues is to use functions like HtmlEncode that look for "bad things" and escape them. But this library does the right thing...

I was asked last week for a list of "drop-in-and-more-secure" replacements, created at Microsoft, for C/C++ functions and constructs. So here's a list: IntSafe (C safe integer arith library) SafeInt (C++ safe integer arith template class) ...

I've been using this for a few months now on my own machines, and on my wife's machine at home. The thing I love about it is it doesn't get in the user's way. It's not "in your face" - I really think users are sick and tired of dialog boxes that expect...

Any federal document that contain words like: Pulverize, Incinerate and Disintigrate always gets my attention! "NIST Special Publication Guidelines for Media Sanitization, Public Draft" at http://csrc.nist.gov/publications/drafts/DRAFT-sp800-88-Feb3_2006...

There has been plenty of literature written regarding integer arithmetic issues and security bugs. If you need a good refresher, I would urge you to read one or more of the following: Reviewing Code for Integer Manipulation Vulnerabilities ...

As you probably all know, David is a very good friend of mine and we have authored some popular security books together, and will probably write some more too (but that’s another story.) Some of you know that David left Microsoft to join Webroot in...