Michael Howard's Web Log

A Simple Software Security Guy at Microsoft!

Over the last couple of months, I have worked with some customers still using custom-written ActiveX...

Date: 06/03/2016

I received many comments from people asking me to clarify the following line from my previous blog...

Date: 05/20/2016

Almost 100% of my security work these days involves helping customers deploy their solutions on...

Date: 05/13/2016

I have been programming in C and C++ since I was 15 years old. And no, I won’t tell you how...

Date: 03/08/2016

I'm heading to TechEd Oz and NZ in a couple of hours to present the following: SEC312 The...

Date: 09/06/2009

https://blogs.msdn.com/sdl/archive/2009/07/28/atl-ms09-035-and-the-sdl.aspx

Date: 07/28/2009

I’ve been a firm believer in integrating as much security tooling as possible into the development...

Date: 05/19/2009

This was fun to write; in fact, other than minor edits I wrote it in a single two hour sitting with...

Date: 05/01/2009

Following close on the heels of security experts Matt Miller, Adam Shostack and Crispin Cowan...

Date: 03/24/2009

"For 25 years, Microsoft Press books have focused on helping you take your skills and knowledge to...

Date: 12/30/2008

https://searchsoftwarequality.techtarget.com/news/article/0,289142,sid92_gci1340940,00.html#

Date: 12/08/2008

At this point most of you have heard about the Microsoft SDL and some of the activities and deliverables...

Date: 11/19/2008

David LeBlanc has an excellent write-up of the results (so far) of all the security work the Office...

Date: 11/17/2008

Volume 5 of the Microsoft Security Intelligence Report is now out, highlights include: Security...

Date: 11/03/2008

Bryan Sullivan and I wrote a couple of articles for this month's MSDN Magazine. If you're not aware,...

Date: 10/28/2008

Over the last year or so, a bunch of us in the SDL team have been working with agile groups across...

Date: 10/28/2008

Today, SAFECode released an important document entitled, “Fundamental Practices for Secure Software...

Date: 10/08/2008

<sent from Cabo San Lucas Airport - heading back to Austin > Crosstalk has published an...

Date: 09/26/2008

I've been doing this Twitter thing for a while now - I really like it, folks can get a feel for what...

Date: 09/17/2008

UPDATED: Added IOActive post As many of you have seen today, there's been plenty of press about us...

Date: 09/17/2008

SDL alumnus James Whittaker has a blog. I meant to write a note on this weeks ago, but I kinda got...

Date: 09/15/2008

Scott Hanselman has a look under Chrome's hood and how it uses the new NX/DEP APIs we added to...

Date: 09/15/2008

I spoke with Kim Cameron a few days ago about Google's single sign-on (SSO) design bug. I wanted his...

Date: 09/15/2008

Close on the heels of David Ross' XSS defense in IE8 beta 2, my boss, Steve Lipner just posted an...

Date: 08/27/2008

Every once in a while a security bug pops up that really piques my interest, and a new directory...

Date: 08/22/2008

I just wrapped up a post over on the SDL blog with some comments about an article on Google's...

Date: 08/14/2008

https://twitter.com/alexsotirov/statuses/882866444

Date: 08/12/2008

I just wrote a post over on the SDL blog about how to get started with fuzzing,...

Date: 07/31/2008

Gotta love Robert's sarcasm.. but he's right.

Date: 07/29/2008

SDL alum, Shawn Hernan (now in the SQL Server team), has written an excellent post about SQL Server...

Date: 07/02/2008

I just added a post over on the SDL blog about heap corruption and process termination as well as...

Date: 06/07/2008

I just posted an article on the SDL blog about the recent news of SQL injection vulnerabilities...

Date: 05/16/2008

It had to happen. Since joining Microsoft a few short months ago, Crispin Cowan now has a blog. He's...

Date: 04/28/2008

I just posted an article over on the SDL blog about security metrics in response to an analyst's...

Date: 04/18/2008

Dave Ladd has just made a (long) post over on the SDL blog announcing the availability of the SDL...

Date: 04/09/2008

Eric Lawrence just posted some commentary about IE8 and DEP/NX. As you may know, IE7 supports...

Date: 04/08/2008

David LeBlanc and I (and a bunch of others) just had a little email exchange about some fascinating...

Date: 04/04/2008

These are pretty cool - I'm a big fan of highly focused, short education like this......

Date: 03/30/2008

Update: Added Microsoft bulletin stuff. I'm always looking up CVEs so I want to get to the data as...

Date: 03/18/2008

MSDN Magazine has just published an article I wrote that collects many of the various C and C++...

Date: 03/17/2008

Following on from my recent post about Windows Vista security and the SDL, a number of people have...

Date: 03/06/2008

Windows Server 2008 has shipped! And a fine product it is, too! Windows Server 2008 is the first...

Date: 03/04/2008

I just wrote an article over on the SDL blog about my observations from the industry to Jeff Jones'...

Date: 02/21/2008

2/19 - Added some Minor Tweaks Perhaps it's the phase of the moon or something, but over the last...

Date: 02/18/2008

Today SAFECode, the Software Assurance Forum for Excellence in Code, introduced its first white...

Date: 02/14/2008

My colleague Eric Bidstrup has just posted a thought provoking article on the SDL blog about...

Date: 02/06/2008

In the interests of helping secure the platform, we want more people to opt-in to using Data...

Date: 01/29/2008

My kids are desperate for pets; my six-year old son wants a dog (note, a dog, not a puppy!) and my...

Date: 01/20/2008
