Tagged Content List
  • Blog Post: SDL and Compliance: New Blog Series at Security Blogs

    Arjuna Shunn here. Our friends over on the security blog have done up a series of posts about SDL and compliance which are worth reading. Using data from numerous sources, ranging from our SDL and HIPAA whitepaper, our SDL and PCI DSS/PA-DSS whitepaper, and from our SDL Chronicles among others, they’ve...
  • Blog Post: Evolving Secure Code at Microsoft and Beyond

    Steve Lipner here… Over the past few weeks, Microsoft has been reflecting on the ten year anniversary of the Trustworthy Computing initiative; thinking about the things that have led us to this point in our history and speculating about the future. Obviously a big part of our work has been...
  • Blog Post: Updated Banned API Documentation Available

    Hi, Michael Howard here. One very low-cost and low-friction SDL task that has high impact is removing (and not adding) banned functionality. The most common examples of banned functionality include various C runtime functions, such as strcpy(), strcat(), strncpy(), sprintf(), gets() and their evil...
  • Blog Post: Tooling News: Web Application Configuration Analyzer Released

    Hello all, this is Monty LaRue posting with some SDL related tools news. Microsoft has recently released an updated version of the Web Application Configuration Analyzer (WACA). While this tool isn't intended to satisfy specific SDL requirements, it is valuable for performing best practices checks on...
  • Blog Post: For your consideration: The SDL Progress Report

    Hello all - Dave here... I wanted to take a few moments to alert you to a new publication from Trustworthy Computing entitled "The SDL Progress Report." This work has been in progress for a number of months and incorporates data and analysis from various groups in our organization. We hope you find...
  • Blog Post: It's Really Only 16 Security Practices - Implementation Guidance Included!

    [update 3/22/10: The Excel spreadsheet referenced in this post is now available for download: http://go.microsoft.com/?linkid=9764798 ] Hey everyone, Jeremy Dallman here with a new way to sort and view the SDL practices and implementation guidance. In April 2010, we worked closely with the Archer...