Windows Vista Beta 2 includes a new defense against buffer overrun exploits called address space layout randomization. Not only is it in Beta 2, it’s on by default too. Now before I continue, I want to level set ASLR. It is not a panacea, it is not a...

A paper has just been made available that outlines some of the security improvements in Windows Vista Beta 2.

In a prior article I wrote about the benefits of the Standard Annotation Language (SAL) available in various high-end versions of Visual Studio 2005. The good news is the Windows SDK released for Windows Vista Beta 2, also includes PREfast and can therefore...

Caveat: This is my first blog posting from within Office 2007 beta 2, so I hope it comes out ok! Lecture materials from the University of Washington’s cryptography class have been posted on-line . Recordings of the lectures are also available on-demand...

Introduction Even though a prior blog I wrote “ Code Scanning Tools Do Not make Software Secure ” may have left some thinking I don’t like static analysis tools, nothing could be farther from the truth. In fact, there is a code analysis technology...

Cute! http://searchsecurity.techtarget.com/general/0,295582,sid14_gci1182844,00.html?track=NL-430&ad=551180

Ages ago I wrote a surprisingly well read couple of articles about dumbing down an admin token and running an application with that reduced-privileged token. You can read the articles here and here if you have no clue what I'm talking about it. I wrote...

I’m pleased to announce, actually I’m *thrilled* to announce, that James Whittaker has joined our group. James is a well-known author and speaker on software testing and security. He most recently worked as a professor of computer science at Florida Tech...