Michael Howard's Web Log
A Simple Software Security Guy at Microsoft!
SAFECode releases "Fundamental Practices for Secure Software Development" document
08 October 08 10:04 AM
Today, SAFECode released an important document entitled “Fundamental Practices for Secure Software Development”, aimed at helping software producers create more secure software. The document is unique in that it describes what SAFECode members are doing
Practical Defense in Depth
26 September 08 12:50 PM
<sent from Cabo San Lucas Airport - heading back to Austin> Crosstalk has published an article of mine regarding how we use Defense in Depth within the SDL, and in Microsoft in general.
SDL Evolution
16 September 08 09:02 PM
UPDATED: Added IOActive post. As many of you have seen today, there's been plenty of press about us opening up the SDL for use by other software developers and releasing our threat modeling tool. For those of you who have no clue what the heck I'm talking
GOOG Chrome's use of NX/DEP
15 September 08 07:18 AM
Scott Hanselman has a look under Chrome's hood at how it uses the new NX/DEP APIs we added to Windows. Scroll about halfway down the article.
Kim Cameron on GOOG's single sign-on design vulnerability
15 September 08 06:25 AM
I spoke with Kim Cameron a few days ago about Google's single sign-on (SSO) design bug. I wanted his take on the bug because he's one of the best in the area of identity, single sign-on and the like; his response can only be described as scathing.
Katie Moussouris joins the SDL team
12 September 08 01:06 PM
Dave Ladd just posted a note about Katie joining the ever-growing SDL team. For you Twitter freaks out there, she's @k8em0 :) Welcome, Katie...
SDL and the XSS Filter
27 August 08 10:36 AM
Close on the heels of David Ross' XSS defense in IE8 beta 2, my boss, Steve Lipner, just posted an article looking at the XSS filter from an SDL perspective. While I'm on the subject of XSS and Dave, if XSS is an area of interest to you, you really should
Overlong UTF-8 Escapes Bite
22 August 08 01:57 PM
Every once in a while a security bug pops up that really piques my interest, and a new directory traversal bug that affects Apache Tomcat (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938) most certainly made me take notice because I haven't
Matt Miller Joins the Security Science Team!
18 August 08 09:18 AM
Good news! Matt Miller, author of plenty of cutting-edge security research, including my fave “A Brief History of Exploitation Techniques and Mitigations on Windows”, has joined the Security Science team to work on improved ways to find security vulnerabilities
Security is bigger than finding and fixing bugs
14 August 08 01:20 PM
I just wrapped up a post over on the SDL blog with some comments about an article on Google's security work.
How Very True
12 August 08 04:56 PM
http://twitter.com/alexsotirov/statuses/882866444
Improve Security with "A Layer of Hurt"
31 July 08 01:53 PM
I just wrote a post over on the SDL blog about how to get started with fuzzing,...
Insecure 3rd party software updaters
29 July 08 12:51 PM
Gotta love Robert's sarcasm... but he's right.
SQL Server and the Windows Server 2008 Firewall
02 July 08 03:35 PM
SDL alum, Shawn Hernan (now in the SQL Server team), has written an excellent post about SQL Server 2008, Windows Server 2008 and the impact of the firewall being enabled by default in Windows Server 2008, the first time we have enabled a firewall by
More on Heap Corruption and Process Termination
06 June 08 09:31 PM
I just added a post over on the SDL blog about heap corruption and process termination as well as some caveats you should be aware of if you use your own custom heap manager.