Michael Howard's Web Log
A Simple Software Security Guy at Microsoft!
Over the last couple of months, I have worked with some customers still using custom-written ActiveX...
Date: 06/03/2016
I received many comments from people asking me to clarify the following line from my previous blog...
Date: 05/20/2016
Almost 100% of my security work these days involves helping customers deploy their solutions on...
Date: 05/13/2016
I have been programming in C and C++ since I was 15 years old. And no, I won’t tell you how...
Date: 03/08/2016
I'm heading to TechEd Oz and NZ in a couple of hours to present the following: SEC312 The...
Date: 09/06/2009
https://blogs.msdn.com/sdl/archive/2009/07/28/atl-ms09-035-and-the-sdl.aspx
Date: 07/28/2009
I’ve been a firm believer of integrating as much security tooling as possible into the development...
Date: 05/19/2009
This was fun to write; in fact, other than minor edits I wrote it in a single two hour sitting with...
Date: 05/01/2009
Following close on the heels of security experts Matt Miller, Adam Shostack and Crispin Cowan...
Date: 03/24/2009
"For 25 years, Microsoft Press books have focused on helping you take your skills and knowledge to...
Date: 12/30/2008
https://searchsoftwarequality.techtarget.com/news/article/0,289142,sid92_gci1340940,00.html#
Date: 12/08/2008
At this point most of you have heard about the Microsoft SDL and some of the activities and deliverables...
Date: 11/19/2008
David LeBlanc has an excellent write-up of the results (so far) of all the security work the Office...
Date: 11/17/2008
Volume 5 of the Microsoft Security Intelligence Report is now out, highlights include: Security...
Date: 11/03/2008
Bryan Sullivan and I wrote a couple of articles for this month's MSDN Magazine. If you're not aware,...
Date: 10/28/2008
Over the last year or so, a bunch of us in the SDL team have been working with agile groups across...
Date: 10/28/2008
Today, SAFECode released an important document entitled, “Fundamental Practices for Secure Software...
Date: 10/08/2008
<sent from Cabo San Lucas Airport - heading back to Austin > Crosstalk has published an...
Date: 09/26/2008
I've been doing this Twitter thing for a while now - I really like it, folks can get a feel for what...
Date: 09/17/2008
UPDATED: Added IOActive post. As many of you have seen today, there's been plenty of press about us...
Date: 09/17/2008
SDL alumnus James Whittaker has a blog. I meant to write a note on this weeks ago, but I kinda got...
Date: 09/15/2008
Scott Hanselman has a look under Chrome's hood and how it uses the new NX/DEP APIs we added to...
Date: 09/15/2008
I spoke with Kim Cameron a few days ago about Google's single sign-on (SSO) design bug. I wanted his...
Date: 09/15/2008
Close on the heels of David Ross' XSS defense in IE8 beta 2, my boss, Steve Lipner just posted an...
Date: 08/27/2008
Every once in a while a security bug pops up that really piques my interest, and a new directory...
Date: 08/22/2008
I just wrapped up a post over on the SDL blog with some comments about an article on Google's...
Date: 08/14/2008
https://twitter.com/alexsotirov/statuses/882866444
Date: 08/12/2008
I just wrote a post over on the SDL blog about how to get started with fuzzing,...
Date: 07/31/2008
Gotta love Robert's sarcasm.. but he's right.
Date: 07/29/2008
SDL alum, Shawn Hernan (now in the SQL Server team), has written an excellent post about SQL Server...
Date: 07/02/2008
I just added a post over on the SDL blog about heap corruption and process termination as well as...
Date: 06/07/2008
I just posted an article on the SDL blog about the recent news of SQL injection vulnerabilities...
Date: 05/16/2008
It had to happen. Since joining Microsoft a few short months ago, Crispin Cowan now has a blog. He's...
Date: 04/28/2008
I just posted an article over on the SDL blog about security metrics in response to an analyst's...
Date: 04/18/2008
Dave Ladd has just made a (long) post over on the SDL blog announcing the availability of the SDL...
Date: 04/09/2008
Eric Lawrence just posted some commentary about IE8 and DEP/NX. As you may know, IE7 supports...
Date: 04/08/2008
David LeBlanc and I (and a bunch of others) just had a little email exchange about some fascinating...
Date: 04/04/2008
These are pretty cool - I'm a big fan of highly focused, short education like this......
Date: 03/30/2008
Update: Added Microsoft bulletin stuff. I'm always looking up CVEs so I want to get to the data as...
Date: 03/18/2008
MSDN Magazine has just published an article I wrote that collects many of the various C and C++...
Date: 03/17/2008
Following on from my recent post about Windows Vista security and the SDL, a number of people have...
Date: 03/06/2008
Windows Server 2008 has shipped! And a fine product it is, too! Windows Server 2008 is the first...
Date: 03/04/2008
I just wrote an article over on the SDL blog about my observations from the industry to Jeff Jones'...
Date: 02/21/2008
2/19 - Added some Minor Tweaks. Perhaps it's the phase of the moon or something, but over the last...
Date: 02/18/2008
Today SAFECode, the Software Assurance Forum for Excellence in Code, introduced its first white...
Date: 02/14/2008
My colleague Eric Bidstrup has just posted a thought provoking article on the SDL blog about...
Date: 02/06/2008
In the interests of helping secure the platform, we want more people to opt-in to using Data...
Date: 01/29/2008
My kids are desperate for pets; my six-year old son wants a dog (note, a dog, not a puppy!) and my...
Date: 01/20/2008