Tagged Content List
  • Blog Post: SDL and Compliance: New Blog Series at Security Blogs

    Arjuna Shunn here. Our friends over on the security blog have done up a series of posts about SDL and compliance which are worth reading. Using data from numerous sources, ranging from our SDL and HIPAA whitepaper, our SDL and PCI DSS/PA-DSS whitepaper, and from our SDL Chronicles among others, they’ve...
  • Blog Post: Software Assurance: How can you tell?

    We’ve posted before on the work of SAFECode, a non-profit organization of software vendors who seek to share their approaches to improving the security and assurance of software. In a pair of recent blog posts on the SAFECode blog, Eric Baize of EMC and I discuss effective ways for software acquirers...
  • Blog Post: Financial Services Industry Publishes Software Assurance Framework

    More and more enterprises are realizing the importance of proactive security practices and those involved in critical infrastructure are no exception. One of the most effective ways to drive security improvements in critical infrastructure is through industry consensus. Microsoft has been deeply involved...
  • Blog Post: Evolving Secure Code at Microsoft and Beyond

    Steve Lipner here… Over the past few weeks, Microsoft has been reflecting on the ten year anniversary of the Trustworthy Computing initiative; thinking about the things that have led us to this point in our history and speculating about the future. Obviously a big part of our work has been...
  • Blog Post: Application Security: 2011 & Beyond – A Forrester Research Report

    Hi All. Doug here. In April 2011 Forrester Research wrote a new study on Application Security. This study, titled Application Security: 2011 & Beyond led by Dr Chenxi Wang, Lead Analyst at Forrester Research, provides valuable research, insights and recommendations for security and risk professionals...
  • Blog Post: ISV adoption of mitigation technologies

    Hi, Michael here, Over the last few weeks, Matt Miller, Matt Thomlinson, John Lambert and I worked on a paper that describes the various buffer overrun defenses we offer in Windows Vista and later and Windows Server 2008 and later. I’d like to introduce a guest SDL blogger, Matt Miller...
  • Blog Post: Secure Coding Secrets?

    Hi, Michael here. A recent article titled "NSA posts secrets to writing secure code" caught my eye in part because the words "writing secure code" always get my attention! But also because anything that can advance the science of securing software is of interest to me. There is another reason...
  • Blog Post: Common Criteria and answering the question 'Is it Safe'

    Hi all, Eric Bidstrup here. One of the areas that our group is also involved is in industry standards regarding security assurance, and Common Criteria (aka ISO 15408) is the standard internationally recognized by 24 governments (including the US, UK, Germany, Japan, and others). It’s interesting...