Visit the New SDL (Security Development Lifecycle) Web Site
I wanted to mention to folks that a new Security Development Lifecycle (SDL) web site went up earlier this month on microsoft.com. Amazingly, you can navigate to it via http://www.microsoft.com/sdl,...
New Security Tools for IIS and SQL
In case you didn't see it, the Microsoft Security Response Center (MSRC) team just announced the release of three tools to help customers fend off SQL injection attacks: UrlScan 3.0 Beta (see Wade...
Download: H1 2008 Desktop OS Vendor Report - Vulnerabilities and Days-of-Risk
This report looks at all of the vulnerabilities fixed by Apple, Microsoft, Red Hat and Ubuntu during the first half of 2008. At the vendor level, the report examines all vulnerabilities as well as Days...
Feb09 Security Bulletin SDL Benefit Summary
Summaries from previous months: Jan09 Security Bulletin SDL Benefit Summary
When I do analysis and reports on Microsoft products, I typically look for where the Security Development Lifecycle (SDL) has...
SDL Team Adds Test Tools to the SDL Tools Arsenal
Those of you that have been reading my blog a while know that part of my interest in security metrics is in trying to find ways to measure if Microsoft efforts to improve fundamental in security...
Expanding SDL for Cloud and Agile Development
With more and more business customers deciding between client, cloud, or both for their computing environments, security guidance must be dynamic and evolve along with the community. Because security...
SDL Awareness and Adoption High Among Security Professionals
UPDATE - Hear what others are saying about this survey: (Dark Reading) Survey Says: More Than Half of Software Companies Deploying Secure Coding Methods (NetworkWorld) Code Writers Finally Get...
Playing Better Defense: Protecting Against Cyber Threats
I’m happy today to introduce a guest blog post by Matt Thomlinson, the General Manager of Trustworthy Computing Security at Microsoft, who leads the Microsoft Security Engineering Center (MSEC), the...
Weekly Roundup : OCT 7, 2011 : Farewell to Steve Jobs, Innovative Genius
Trending Security News The big news in the computer industry this week—and the big news far beyond our industry—was the passing of the innovative genius Steve Jobs. The New York Times story Apple’s...
Weekly Roundup : Oct 21, 2011 : The Duqu Mystery - Son of Stuxnet?
Trending Security News This past week saw the return of Stuxnet code in the form of a new intelligence gathering malware attack called Duqu. Network World ran a FAQ on Son of Stuxnet story describing...
Weekly Roundup : Oct 28, 2011 : National Security Agency Helping Private Sector
Trending Security News Governments around the world highlight the need for stronger cybersecurity as the Washington Post reports: Janet Napolitano: Hackers have ‘come close’ to major cyberattack. The...
Weekly Roundup : Nov 4, 2011 : Calls for Closer International Cooperation...
Trending Security News The big happening this week was the London Conference on Cyberspace where government and private sector leaders from around the world gathered to share ideas on how to best...
Weekly Roundup : Nov 11, 2011 : Operation Ghost Click ‘Biggest Cybercriminal...
Trending Security News Another win for the good guys this week as a multi-year, international operation dubbed “Operation Ghost Click” resulted with the result of cyber criminals in their native...
Weekly Roundup : Nov 18, 2011 : Facebook Hit with ‘Porn Spam Attack’ and...
Trending Security News Two major players—Facebook and Android—dominated security news this week. The attack on Facebook involved bombarding users with pornography and horridly violent images....
Weekly Roundup : Nov 25, 2011 : Black Friday and Cyber Monday Heralded with...
Trending Security News As people in the United States prepared to tuck into their Thanksgiving dinner, and tune out the incessant ads urging them to take advantage of the allegedly great shopping...
Weekly Roundup : Dec 2, 2011 : Carrier IQ Diagnostic Software Drama “Spyware...
Trending Security News Carrier IQ, and its diagnostic software that is embedded in millions of smartphones worldwide, dominated the security news this week with all the drama of a fast-paced television...
Weekly Roundup : Dec 30, 2011 : Taking a Look Back at Some of the Year’s Top...
Trending Security News In August we started posting the Weekly Roundup to share trending security news from many viewpoints. Week by week the flow of news provides insights into the ever growing...
Microsoft’s Free Security Tools – BinScope Binary Analyzer
This article in our series focused on Microsoft’s free security tools is on a tool called BinScope Binary Analyzer. This tool can be helpful for both developers and IT professionals that are auditing...
Microsoft’s Free Security Tools – banned.h
This article in our series focused on Microsoft’s free security tools is on the Security Development Lifecycle (SDL) banned.h header file. This is an important tool for developers who are trying to...
Security Education from the front lines
I would consider myself very much a realist, and know full well that as an industry we often let the quest for perfection get in the way of “good enough.” I believe in simple, low friction tasks that...