Gary McGraw (CTO of Cigital , and author or co-author of many security books, including Building Secure Software , Exploiting Software and Software Security ) interviewed me a few weeks ago as part of his Silver Bullet Security Podcast series. You can...

You may have noticed that if your code calls functions in the sprintf family and the format template string uses the %n parameter, then it fails to run correctly after it is compiled with Visual Studio 2005. Why? Well, it's pretty simple, by default we...

Today the Visual Studio 2005 team released Service Pack 1 Beta . Included in the beta is the new linker that supports Address Space Layout Randomization on Windows Vista. You can get the update from the Microsoft Connect Site . By default on Windows...

A fascinating read http://www.privacyrights.org/ar/ChronDataBreaches.htm.

In August I gave a presentation at Gamefest 2006 about secure coding practices and design. You can find the slide deck (and all the other slide decks) here . My presentation is titled "Hardening the Box: The Xbox 360 and Windows Vista Security Models...

This is a new security book from MSPress that focuses on security testing. I read some of the chapters a few weeks ago, and it's wonderful to add a testing perspective to the world of security. A great deal has been written about security and code quality...