April 2008 - Posts
It had to happen. Since joining Microsoft a few short months ago, Crispin Cowen now has a blog . He's told me some of his ideas for posts... should make for an interesting read! He's never short on opinion.
Read More...
I just posted an article over on the SDL blog about security metrics in reponse to an analyst's criticisms of how we measure success/failure/progress. Comments always welcome. UPDATE David Litchfield just made a post on the subjet.
Read More...
Dave Ladd has just made a (long) post over on the SDL blog announcing the availability of the SDL 3.2 doc suite. This is a big deal.
Read More...
Eric Lawrence just posted some commentary about IE8 and DEP/NX. As you may know, IE7 supports DEP/NX, but it's disabled by default owing to compatibility issues. Well, DEP/NX is now enabled by default for IE8 when running on Windows Server 2008 and Window
Read More...
David LeBlanc and I (and a bunch of others) just had a little email exchange about some fascinating integer overflow vulnerabilities in gcc . Long story made short: the code you add to detect integer overflows might actually be removed by the compiler
Read More...