Clik here to view.
Visit the New SDL (Security Development Lifecycle) Web Site
I wanted to mention to folks that a new Security Development Lifecycle (SDL) web site went up earlier this month on microsoft.com. Amazingly, you can navigate to it via http://www.microsoft.com/sdl,...
View ArticleClik here to view.
New Security Tools for IIS and SQL
In cast you didn't see it, the Microsoft Security Response Center (MSRC) team just announced the release of three tools to help customers fend off SQL injection attacks: UrlScan 3.0 Beta (see Wade...
View ArticleClik here to view.
Download: H1 2008 Desktop OS Vendor Report - Vulnerabilities and Days-of-Risk
This report looks at all of the vulnerabilities fixed by Apple, Microsoft, Red Hat and Ubuntu during the first half of 2008. At the vendor level, the report examines all vulnerabilities as well as Days...
View ArticleClik here to view.
Feb09 Security Bulletin SDL Benefit Summary
Summaries from previous months: Jan09 Security Bulletin SDL Benefit SummaryWhen I do analysis and reports on Microsoft products, I typically look for where the Security Development Lifecycle (SDL) has...
View ArticleClik here to view.
SDL Team Adds Test Tools to the SDL Tools Arsenel
Those of you that have been reading my blog a while know that part of my interest in security metrics is in trying to find ways to measure if Microsoft efforts to improve fundamental in security...
View ArticleClik here to view.
Expanding SDL for Cloud and Agile Development
With more and more business customers deciding between client, cloud, or both for their computing environments, security guidance must be dynamic and evolve along with the community. Because security...
View ArticleClik here to view.
SDL Awareness and Adoption High Among Security Professionals
UPDATE - Hear what others are saying about this survey: (Dark Reading) Survey Says: More Than Half of Software Companies Deploying Secure Coding Methods (NetworkWorld) Code Writers Finally Get...
View ArticleClik here to view.
Playing Better Defense: Protecting Against Cyber Threats
I’m happy today to introduce a guest blog post by Matt Thomlinson, the General Manager of Trustworthy Computing Security at Microsoft, who leads the Microsoft Security Engineering Center (MSEC), the...
View ArticleClik here to view.
Weekly Roundup : OCT 7, 2011 : Farewell to Steve Jobs, Innovative Genius
Trending Security News The big news in the computer industry this week—and the big news far beyond our industry—was the passing of the innovative genius Steve Jobs. The New York Times story Apple’s...
View ArticleClik here to view.
Weekly Roundup : Oct 21, 2011 : The Duqu Mystery - Son of Stuxnet?
Trending Security News This past week saw the return of Stuxnet code in the form of a new intelligence gathering malware attack called Duqu. Network World ran a FAQ on Son of Stuxnet story describing...
View ArticleClik here to view.
Weekly Roundup : Oct 28, 2011 : National Security Agency Helping Private Sector
Trending Security News Governments around the world highlight the need for stronger cybersecurity as the Washington Post reports: Janet Napolitano: Hackers have ‘come close’ to major cyberattack . The...
View ArticleClik here to view.
Weekly Roundup : Nov 4, 2011 : Calls for Closer International Cooperation...
Trending Security News The big happening this week was the London Conference on Cyberspace where government and private sector leaders from around the world gathered to share ideas on how to best...
View ArticleClik here to view.
Weekly Roundup : Nov 11, 2011 : Operation Ghost Click ‘Biggest Cybercriminal...
Trending Security News Another win for the good guys this week as a multi-year, international operation dubbed “Operation Ghost Click” resulted with the result of cyber criminals in their native...
View ArticleClik here to view.
Weekly Roundup : Nov 18, 2011 : Facebook Hit with ‘Porn Spam Attack’ and...
Trending Security News Two major players—Facebook and Android—dominated security news this week. The attack on Facebook involved bombarding users with pornography and horridly violent images....
View ArticleClik here to view.
Weekly Roundup : Nov 25, 2011 : Black Friday and Cyber Monday Heralded with...
Trending Security News As people in the United States prepared to tuck into their Thanksgiving dinner, and tune out the incessant ads urging them to take advantage of the allegedly great shopping...
View ArticleClik here to view.
Weekly Roundup : Dec 2, 2011 : Carrier IQ Diagnostic Software Drama “Spyware...
Trending Security News Carrier IQ, and its diagnostic software that is embedded in millions of smartphones worldwide, dominated the security news this week with all the drama of a fast-paced television...
View ArticleClik here to view.
Weekly Roundup : Dec 30, 2011 : Taking a Look Back at Some of the Year’s Top...
Trending Security News In August we started posting the Weekly Roundup to share trending security news from many viewpoints. Week by week the flow of news provides insights into the ever growing...
View ArticleClik here to view.
Microsoft’s Free Security Tools – BinScope Binary Analyzer
This article in our series focused on Microsoft’s free security tools is on a tool called BinScope Binary Analyzer. This tool can be helpful for both developers and IT professionals that are auditing...
View ArticleClik here to view.
Microsoft’s Free Security Tools – banned.h
This article in our series focused on Microsoft’s free security tools is on the Security Development Lifecycle (SDL) banned.h header file. This is an important tool for developers who are trying to...
View ArticleClik here to view.
Security Education from the front lines
I would consider myself very much a realist, and know full well that as an industry we often let the quest for perfection get in the way of “good enough.” I believe in simple, low friction tasks that...
View Article
