Welcome to MSDN Blogs Sign in | Join | Help

Michael Howard's Web Log

A Simple Software Security Guy at Microsoft!

November 2006 - Posts

Wresting free from a software straitjacket
There's an interesting article over at C|Net about security in general, and Microsoft and the SDL in particular. One thing the author points out as important is BillG's Trustworthy Computing memo. IMHO, here's why such an email is so important. If you Read More...
Microsoft beats Oracle in security showdown
http://www.vnunet.com/vnunet/news/2169225/microsoft-beats-oracle-security Read More...
Which Database is More Secure? Oracle vs Microsoft
I was quite surprised when a number of folks criticized the data used in the report titled " Microsoft SQL Server Runs the Security Table " from ESG - it was just CVE data! Well, David Litchfield has done some of his own research, and created a report Read More...
Anti-Cross Site Scripting Library v1.5 Now Available
Earlier this year I wrote a blog post about Anti-XSS Library v1.0. Well, it's been updated with new methods to escape other kinds of data. You should start at the landing page . Read More...
eXPired!
I received a number of emails about the 'eXPired' poster on my office door, heck it even made " Quote of the Week " in the Seattle Post-Intelligencer (scroll to the bottom.) So here it is (click for a bigger image) As for Tigger - he's my mood indicator Read More...
Microsoft SQL Server Runs the Security Table
In my opinion, SQL Server 2000 SP3, SQL Server 2005 and IIS6 have been the poster-children for SDL. Enterprise Strategy Group just released a research paper comparing the security of SQL Server with Oracle and MySQL. And no, this was not commissioned Read More...
Symantec's "The Mac OS X Threat Landscape: An Overview"
This is probably the most in-depth analysis of Mac OS X security I've ever read. It's a worthwhile read. I was especially fascinated by the last section on preventative measures because we've spent so much time on this stuff in Windows Vista, and it's Read More...
Jim's Comments about Windows Vista and Antivirus software
When I read the interview " Allchin Suggests Vista Won't Need Antivirus " with Jim Allchin I shuddered, and then I realized he'd been taken out of context. Jim is no fool. Anyway, he's responded , and I'm happy to see he has. Long time Microsoft watcher, Read More...
Microsoft hosts OEM partners for a crash-course in SDL (Day Three)
So, the final day of the SDL sessions for our OEM partners is complete... My biggest observation was these guys were utterly engaged, and by that I mean writing copious notes and asking some very pointed and deep questions. The companies could have sent Read More...
Microsoft hosts OEM partners for a crash-course in SDL (Day Two)
Day two of the SDL training session for OEMs went well. James Whittaker led the discussion for the first half of the morning, discussing security testing. His main point was that testing for security requires a diffferent mind set - you still have to Read More...
Windows Vista Security Guide Now Available
http://www.microsoft.com/technet/windowsvista/security/guide.mspx Read More...
Windows Vista - We're Done!
I'm so glad to have been involved in the development of Windows Vista, it's a wonderful OS. For the longest time I hung on to Windows XP SP2, thinking it's "good enough" but after using Vista for over a year now on my daily laptop, I simply can't go back. Read More...
Microsoft hosts OEM partners for a crash-course in SDL (Day One)
As part of our ongoing SDL efforts, we are hosting a 2.5 day event here in Redmond for our OEM partners – over 50 senior technical experts from the biggest names in the computer industry. Out of respect for our partners I won’t name names, but the “usual Read More...
The Security Development Lifecycle (SDL). Advantage, Microsoft
Enterprise Strategy Group analyst Jon Oltsik has published a non-commissioned research note lauding Microsoft’s efforts to develop industry leading secure coding practices through its Security Development Lifecycle (SDL). The report gives a historical Read More...
Page view tracker