April 2008 - Posts

Crispin has a blog!
28 April 08 11:08 AM
It had to happen. Since joining Microsoft a few short months ago, Crispin Cowan now has a blog. He's told me some of his ideas for posts... should make for an interesting read! He's never short on opinion.
Posted by michael_HOWARD | 1 Comment
Oh No! Security Metrics!
18 April 08 08:33 AM
I just posted an article over on the SDL blog about security metrics in response to an analyst's criticisms of how we measure success/failure/progress. Comments always welcome. UPDATE: David Litchfield just made a post on the subject.
Posted by michael_HOWARD | 1 Comment
Microsoft Security Development Lifecycle (SDL) 3.2 documentation now available for download
09 April 08 03:16 PM
Dave Ladd has just made a (long) post over on the SDL blog announcing the availability of the SDL 3.2 doc suite. This is a big deal.
Posted by michael_HOWARD | 3 Comments
Internet Explorer 8.0 and Data Execution Prevention (DEP/NX)
08 April 08 01:23 PM
Eric Lawrence just posted some commentary about IE8 and DEP/NX. As you may know, IE7 supports DEP/NX, but it's disabled by default owing to compatibility issues. Well, DEP/NX is now enabled by default for IE8 when running on Windows Server 2008 and Window ...
Posted by michael_HOWARD | 2 Comments
When adding security bugs to your code is not your fault!
04 April 08 02:55 PM
David LeBlanc and I (and a bunch of others) just had a little email exchange about some fascinating integer overflow vulnerabilities in gcc. Long story made short: the code you add to detect integer overflows might actually be removed by the compiler ...
Posted by michael_HOWARD | 19 Comments