Georgeo Pulikkathara's Microsoft Blog : trustworthy computing

Microsoft Trustworthy Developer Content Strategy

Georgeo Pulikkathara — Thu, 24 Jul 2008 10:29:07 GMT

Technorati Tags: developer content strategy,privacy,security

I was at my Vice President's (Scott Charney) all hands meeting last month. Scott was talking about the need to discuss online safety and Green IT to IT Pros and developers. I was taking some notes and Maslow's Hierarchy of Needs pyramid came to mind.

I thought of what Scott was saying and realized that there was a order to what we need to communicate and drive awareness for. Before we can talk about data privacy to developers and IT Professionals, it was necessary to ensure that the customers platform and applications were secure. Only then can you even think of approaching data privacy.

If an ISV or a corporate development team is to consider data privacy as a requirement, then Security is mandatory. If you're a ISV or a independent software vendor, then you're going to have to answer the questions to your customers who are going to ask you the obvious question, "Am I safe online?".

Online Safety is comprised of Privacy and Security. Let's say you want to provide online safety to your customers who buy your software. You'll probably want to ensure that there is legislation/compliance in place to drive the online safety to protect the customer as well as independent software vendors to limit your liability when you've taken the time and due diligence to ensure your application development efforts coincide with the Microsoft Development Lifecycle.

The way we drive awareness and provide privacy and security for customers is by ensuring that independent software vendors are utilizing the Microsoft SDL in their software development efforts along with organization that expose customer data through online banking portals, or online account access.

TechEd 2008 is coming!

Georgeo Pulikkathara — Wed, 30 Apr 2008 23:28:12 GMT

Are you going to TechEd 2008? If so, please stop by our Security Development Lifecycle booth and chat with us about how you plan for security and threat modeling in your application design and development.

Microsoft TechEd 2008 Website

In the mean time check out Adam's post on SDL and threat modeling. He's attached a PDF of his slides from his presentation at Toorcon last weekend.

Security Development Lifecycle Blog

Microsoft device helps police pluck evidence from cyberscene of crime

Georgeo Pulikkathara — Tue, 29 Apr 2008 20:22:00 GMT

What's Microsoft doing to help fight cyber crime? Check out this article from the Seattle Times. Here's an excerpt...

"....Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.

The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.

The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.

It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.

More than 2,000 officers in 15 countries, including Poland, the Philippines, Germany, New Zealand and the United States, are using the device, which Microsoft provides free......"

How Do I: Export and Import Certificates?

Georgeo Pulikkathara — Fri, 25 Apr 2008 09:22:00 GMT

We've got a series of short how to videos at the msdn security developer center that provides you quick overviews on topics such as how to import/export certificates, and how to get started with encryption. by Lamees Ayman.

Let us know what you think of these videos. Helpful, too basic, or just right. I'm thinking of making more videos like this for our developer community to consume.

Technorati Tags: developer security videos

Thanks,

George

georgeop@microsoft.com or (425) 707-6912

George's Blog

Georgeo Pulikkathara — Thu, 24 Apr 2008 23:19:26 GMT

You may remember me from my days at MSDN Webcasts or from when I was managing the worldwide Microsoft Certified Professional Program at Microsoft Learning.

Well I'm over here now with Jed Pickel and Jacqueline Beauchere to get the word out to our developer communities on all that Microsoft is doing around security and privacy for our customers.

We're building some great security how to content that will be featured at http://www.microsoft.com/security as well as at http://msdn.microsoft.com/security to help you make sense of what to do when addressing security concerns with your application development efforts on Microsoft tools and technologies.

Warmest Regards,

Georgeo X. Pulikkathara

georgeop@microsoft.com (425) 707-6912