I haven't really blogged in a while, mostly because it's hard to blog about the kind of work I do right now (improving the security of unreleased products). But, I thought to myself, one way to share some of my experience with all you great folks would be to have a series of "Dear Diary" entries where (in the grandest tradition of trashy magazines) I will publish letters from "readers" who have sent me their security questions, and provide my answers or advice.

Some of these questions will come from real engagements I have had at Microsoft, some will come from questions I've had from external customers in the past, and (maybe) some will come from questions that you send in. Then I won't have to fake it any more! :-)

Anyway, we'll see how it goes... I'd love to hear your feedback.