BETA2 of Microsoft Threat Analysis & Modeling v2.0 (formerly codenamed “ACE Torpedo”) is now available for download here . Check out this blog for more info: http://blogs.msdn.com/threatmodeling/ For those of you that haven't downloaded it yet, you should. It's a great tool that helps...

This document outlines the security-related process improvements we have put in place at Microsoft. http://msdn.microsoft.com/security/sdl

I spoke with Don Kiely today, who will be my partner in crime at TechEd in discussing Whidbey Security Enhancements. One of the first things that I found out is that we went to college a couple of hours away. Shortly after insulting each other and saying who's school is better (mine, of course! :) )...

Getting a Head Start on App Security December 7, 2004 3 comments posted Add your opinion With security on the minds of IT managers more than ever, some companies are addressing the issue even before applications are developed. Microsoft Corp. is delivering technology...

Microsoft Recommended Best Practice Microsoft encourages that as a best practice developers write their applications to execute with the least privileges to get the job done. The reason for doing this is quite simple – if an attacker creates a security vulnerability and it penetrates your system,...