It is beautiful in Bellevue WA today.  My Alaskan Klee Kai is just over a year old.  Meet Louie my mini husky. 

He was born in Texas but arrived in Bellevue when he was only 8 weeks old.  (Did I mention he is the love of my life and the cutest thing you've ever seen?!)  He is a miniature husky and should just love the snow.  Unfortunately, he shivered during our walk, and we had to put him in his dad's jacket to warm up.  At only 7 pounds, even all that fur isn't enough to keep him warm. 

Things aren't always what they seem.  Let me shift to my technical topic today ... software security.  I always thought building secure applications should be important to developers.  I really believe it is important to developers, but I'm wondering how important.  In talking to developers recently, I heard a distinct message from developers that they didn't necessarily consider security their concern.  Well whose job is it?  I think both Microsoft and individual developers have a role in building secure apps.  Am I right? 

Microsoft Security Developer Center probably provides the most comprehensive collection of information.   Good information on threat modeling from Michael Howard, Senior Security Program Manager at Microsoft in the Secure Windows Initiative Team.  The Secure Software Development Lifecycle a recent DevSource article offers some other advice.  Chris Wysopal, well-known security practitioner and coauthor of The Art of Software Security Testing, offers a full lifecyle approach being the only way to achieve secure software. 

I don't pretend to know the answers but wonder what more Microsoft can do to help developers build secure apps.  What else can we do to help you?  What's missing?  Tell me how we can help.

One more thing -- I just set up my account on Technorati.  I have to claim my blog.  <a href="http://www.technorati.com/claim/44va2gz9rs" rel="me">Technorati Profile</a>.  Does that make any sense?? Hope so.