November 2006 - Posts

Wresting free from a software straitjacket
30 November 06 01:52 PM
There's an interesting article over at C|Net about security in general, and Microsoft and the SDL in particular. One thing the author points out as important is BillG's Trustworthy Computing memo. IMHO, here's why such an email is so important. If you Read More...
Posted by michael_HOWARD | 6 Comments
Microsoft beats Oracle in security showdown
22 November 06 07:22 AM
http://www.vnunet.com/vnunet/news/2169225/microsoft-beats-oracle-security Read More...
Posted by michael_HOWARD | 10 Comments
Which Database is More Secure? Oracle vs Microsoft
20 November 06 11:33 PM
I was quite surprised when a number of folks criticized the data used in the report titled "Microsoft SQL Server Runs the Security Table" from ESG - it was just CVE data! Well, David Litchfield has done some of his own research, and created a report Read More...
Posted by michael_HOWARD | 9 Comments
Anti-Cross Site Scripting Library v1.5 Now Available
20 November 06 01:49 PM
Earlier this year I wrote a blog post about Anti-XSS Library v1.0. Well, it's been updated with new methods to escape other kinds of data. You should start at the landing page. Read More...
Posted by michael_HOWARD | 5 Comments
eXPired!
16 November 06 09:55 AM
I received a number of emails about the 'eXPired' poster on my office door, heck it even made "Quote of the Week" in the Seattle Post-Intelligencer (scroll to the bottom). So here it is (click for a bigger image). As for Tigger - he's my mood indicator Read More...
Posted by michael_HOWARD | 8 Comments
Microsoft SQL Server Runs the Security Table
16 November 06 09:18 AM
In my opinion, SQL Server 2000 SP3, SQL Server 2005 and IIS6 have been the poster-children for SDL. Enterprise Strategy Group just released a research paper comparing the security of SQL Server with Oracle and MySQL. And no, this was not commissioned Read More...
Posted by michael_HOWARD | 3 Comments
Symantec's "The Mac OS X Threat Landscape: An Overview"
15 November 06 08:29 AM
This is probably the most in-depth analysis of Mac OS X security I've ever read. It's a worthwhile read. I was especially fascinated by the last section on preventative measures because we've spent so much time on this stuff in Windows Vista, and it's Read More...
Posted by michael_HOWARD | 17 Comments
Jim's Comments about Windows Vista and Antivirus software
11 November 06 11:14 AM
When I read the interview "Allchin Suggests Vista Won't Need Antivirus" with Jim Allchin I shuddered, and then I realized he'd been taken out of context. Jim is no fool. Anyway, he's responded, and I'm happy to see he has. Long time Microsoft watcher, Read More...
Posted by michael_HOWARD | 5 Comments
Microsoft hosts OEM partners for a crash-course in SDL (Day Three)
09 November 06 04:01 PM
So, the final day of the SDL sessions for our OEM partners is complete... My biggest observation was these guys were utterly engaged, and by that I mean writing copious notes and asking some very pointed and deep questions. The companies could have sent Read More...
Posted by michael_HOWARD | 3 Comments
Microsoft hosts OEM partners for a crash-course in SDL (Day Two)
09 November 06 08:08 AM
Day two of the SDL training session for OEMs went well. James Whittaker led the discussion for the first half of the morning, discussing security testing. His main point was that testing for security requires a different mindset - you still have to Read More...
Posted by michael_HOWARD | 6 Comments
Windows Vista Security Guide Now Available
08 November 06 08:33 PM
http://www.microsoft.com/technet/windowsvista/security/guide.mspx Read More...
Posted by michael_HOWARD | 0 Comments
Windows Vista - We're Done!
08 November 06 11:26 AM
I'm so glad to have been involved in the development of Windows Vista, it's a wonderful OS. For the longest time I hung on to Windows XP SP2, thinking it's "good enough" but after using Vista for over a year now on my daily laptop, I simply can't go back. Read More...
Posted by michael_HOWARD | 4 Comments
Microsoft hosts OEM partners for a crash-course in SDL (Day One)
07 November 06 10:31 PM
As part of our ongoing SDL efforts, we are hosting a 2.5 day event here in Redmond for our OEM partners – over 50 senior technical experts from the biggest names in the computer industry. Out of respect for our partners I won’t name names, but the “usual Read More...
Posted by michael_HOWARD | 6 Comments
The Security Development Lifecycle (SDL). Advantage, Microsoft
06 November 06 02:22 PM
Enterprise Strategy Group analyst Jon Oltsik has published a non-commissioned research note lauding Microsoft’s efforts to develop industry leading secure coding practices through its Security Development Lifecycle (SDL). The report gives a historical Read More...
Posted by michael_HOWARD | 1 Comments