February 2008 - Posts

The First Step on the Road to More Secure Software is admitting you have a Problem
21 February 08 06:31 AM
I just wrote an article over on the SDL blog about my observations from the industry to Jeff Jones' vulnerability analysis and the lack of security progress by our competitors. Read More...
Posted by michael_HOWARD | 9 Comments
FAQ about HeapSetInformation in Windows Vista and Heap Based Buffer Overruns
18 February 08 05:26 PM
2/19 - Added some Minor Tweaks
Perhaps it's the phase of the moon or something, but over the last few weeks I have received more email about correctly using the HeapSetInformation function than any other topic. I really don't know why! This was added Read More...
Posted by michael_HOWARD | 4 Comments
Introducing SAFECode
14 February 08 07:27 PM
Today SAFECode, the Software Assurance Forum for Excellence in Code, introduced its first white paper, "Software Assurance: An Overview of Current Industry Best Practices." The organization was founded by Microsoft, Symantec, EMC, SAP and Juniper to Read More...
Posted by michael_HOWARD | 6 Comments
More trustworthy election systems via SDL?
06 February 08 06:03 PM
My colleague Eric Bidstrup has just posted a thought-provoking article on the SDL blog about elections software and the SDL. Read More...
Posted by michael_HOWARD | 1 Comment