<sent from Cabo San Lucas Airport - heading back to Austin > Crosstalk has published an article for mine regarding how we use Defense in Depth within the SDL, and in Microsoft in general.

I've been doing this Twitter thing for a while now - I really like it, folks can get a feel for what you're up to each day. If you're interested, you can see what I'm up to by clicking 'Follow' at http://twitter.com/michael_howard

UPDATED : Added IOActive post As many of you have seen today , there's been plenty of press about us opening up the SDL for use by other software developers and releasing our threat modeling tool. For those of you who have no clue what the heck I'm...

SDL alumnus James Whittaker has a blog. I meant to write a note on this weeks ago, but I kinda got busy! Anyway, if you're a tester, or have a passing interest in test, James is one of the best and you should learn from him. He's the author or coauthor...

Scott Hanselman has a look under Chrome's hood and how it uses the new NX/DEP APIs we added to Windows . Scroll about halfway down the article.

I spoke with Kim Cameron a few days ago about Google's single sign-on (SSO) design bug . I wanted his take on the bug because he's one of the best in the area of identity, single sign-on etc etc... his response can only be described as scathing.

Dave Ladd just posted a note about Katie joing the ever-growing SDL team. For you twitter freaks out there she's @k8em0 :) Welcome, Katie...