http://blogs.msdn.com/david_leblanc/archive/2007/07/24/security-dependencies.aspxThere's been an interesting little tempest in a teapot going on WRT IE and Firefox. I in general don't pay a whole lot of attention to the browser vuln du jour, but this one caught my eye - http://www.computerworld.com/action/article.do?command=viewArticleBasic&amp;articleId=9027718&amp;intsrc=news_ts_headen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/david_leblanc/archive/2007/07/24/security-dependencies.aspx#4047659Wed, 25 Jul 2007 21:03:07 GMT91d46819-8472-40ad-a661-2c78acb4018c:4047659 Larholm.com - Me, myself and I » Handling URL protocol handlers <p>PingBack from <a rel="nofollow" target="_new" href="http://larholm.com/2007/07/25/handling-url-protocol-handlers/">http://larholm.com/2007/07/25/handling-url-protocol-handlers/</a></p> http://blogs.msdn.com/david_leblanc/archive/2007/07/24/security-dependencies.aspx#4049802Thu, 26 Jul 2007 01:13:09 GMT91d46819-8472-40ad-a661-2c78acb4018c:4049802Alun Jones<P>Will Window follow your example and blame this on Frank?</P> <P>[dcl] No telling - you'd have to ask her.</P>http://blogs.msdn.com/david_leblanc/archive/2007/07/24/security-dependencies.aspx#4070503Fri, 27 Jul 2007 00:05:29 GMT91d46819-8472-40ad-a661-2c78acb4018c:4070503Philip Taron<P>Dave,</P> <P>Could you talk about how threat modeling that takes into account dependencies should work if those dependencies are part of the same software project, but produced by another team?</P> <P>Philip</P> <P>[dcl] Sure - I'll post briefly on that in a moment.</P>