The past few weeks have been pretty busy for me. In my last blog I mentioned I was working on planning our "Security Push", which is a time we allocate in our product cycle where the top priority and focus is security. Having this kind of time is very valuable because you can get everyone working on this at the same time, and it builds great momentum. We started out with a big list of work items we wanted to complete, some of which were brand new, bleeding edge, using tools we had just finished developing. Talk about dogfooding…
After a wobbly start, everyone really kicked into gear and we started making good progress. This is the fifth week now out of a total of six, and things are looking great. We found a few areas where we needed to change the design to make the product more secure, and we fixed issues reported by scanning tools like FxCop and PreFast (if you want to try this one out, check out
In a month or so, our central security team (for the company) will be engaging our team for our "Final Security Review" (see
My next blog will be soon after they complete the testing of our product, I’ll keep you posted how that went.