
June 2009 - Posts

Static Analysis Tools and the SDL (Part One)
Hi, Michael here. This is part one of a two-part series of posts by myself and Bryan Sullivan; I will cover the static analysis tools we use at Microsoft (and make available publicly) for analyzing unmanaged (i.e., native) C and C++ code, and Bryan will Read More...
Good thinking about threat models
We wanted to take a minute to point out this good post from Gunnar Peterson.  He’s right, and it’s worth repeating: we threat model not to find threats, but to find and implement countermeasures.  We’re glad to see people building on our work Read More...
Microsoft & Adobe: Protecting our customers together
Hey everyone, Jeremy Dallman here. Today I will be co-blogging with David Lenoe (Group Program Manager, Adobe Secure Software Engineering Team (ASSET)). Now, here’s the story behind the Microsoft and Adobe security pairing … A couple of years ago, Microsoft Read More...
A Declspec SAL to Attribute SAL Rosetta Stone
Hi, Michael here. A while back I wrote a blog post explaining the Standard Annotation Language (SAL) which is a technology we use to help static analysis tools find more bugs, including security vulnerabilities, in C and C++ code. If you look closely Read More...
Announcing SDL-LOB “Security Development Lifecycle for Line-of-Business Applications”
Hi all, Anmol Malhotra here… I’m a Senior Security Engineer with Microsoft’s ACE (Assessment, Consulting & Engineering) Team. We are part of Microsoft Information Security group and our mission is to enable secure and reliable business for Microsoft Read More...