Security
I’ve been a firm believer of integrating as much security tooling as possible into the development process so developers can get on with developing code and designing solutions rather than having to constantly think about dotting the security “i”s and
Read More...
This was fun to write; in fact, other than minor edits I wrote it in a single two hour sitting with my laptop by the pool :) http://msdn.microsoft.com/en-us/magazine/dd727503.aspx
Read More...
Following close on the heels of security experts Matt Miller , Adam Shostack and Crispin Cowan joining Microsoft, I am pleased to announce that Ken Johnson, AKA Skywing, has joined our group. Ken brings an enormous amount of reverse engineering and defense-subversion
Read More...
"For 25 years, Microsoft Press books have focused on helping you take your skills and knowledge to the next level. Celebrate our 25th Anniversary with a "Free E-Book of the Month" offer! Simply sign up for the Microsoft Press Book Connection Newsletter
Read More...
http://searchsoftwarequality.techtarget.com/news/article/0,289142,sid92_gci1340940,00.html #
Read More...
David LeBlanc has an excellent write-up of the results (so far) of all the security work the Office guys have been doing over the last few years. Net: about a 50% reduction in vulns!
Read More...
Volume 5 of the Microsoft Security Intelligence Report is now out , highlights include: Security vulnerability disclosures - Microsoft and third-party software Vulnerability Exploits – Microsoft software Browser-based exploits - Microsoft and third-party
Read More...
Bryan Sullivan and I wrote a couple of articles for this month's MSDN Magazine. If you're not aware, November focuses on Security. The two articles are: Test Your Security IQ Threat Models Improve Your Security Process And there's the Agile SDL paper
Read More...
Over the last year or so, a bunch of us in the SDL team have been working with agile groups across Microsoft to help streamline the SDL for agile methods. Bryan Sullivan wrote a paper for MSDN Magazine explaining where our current throughts lie. Clearly
Read More...
Today, SAFECode released an important document entitled, “ Fundamental Practices for Secure Software Development ” aimed at helping software producers create more secure software. The document is unique in that it describes what SAFECode members are doing
Read More...
<sent from Cabo San Lucas Airport - heading back to Austin > Crosstalk has published an article for mine regarding how we use Defense in Depth within the SDL, and in Microsoft in general.
Read More...
UPDATED : Added IOActive post As many of you have seen today , there's been plenty of press about us opening up the SDL for use by other software developers and releasing our threat modeling tool. For those of you who have no clue what the heck I'm talking
Read More...
Scott Hanselman has a look under Chrome's hood and how it uses the new NX/DEP APIs we added to Windows . Scroll about halfway down the article.
Read More...
I spoke with Kim Cameron a few days ago about Google's single sign-on (SSO) design bug . I wanted his take on the bug because he's one of the best in the area of identity, single sign-on etc etc... his response can only be described as scathing.
Read More...
Dave Ladd just posted a note about Katie joing the ever-growing SDL team. For you twitter freaks out there she's @k8em0 :) Welcome, Katie...
Read More...
