Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along . . . → Read More: 10 Years of Trustworthy Computing at Microsoft
A result of a study by Kasperski lab is fairly promising – even though it shows the problem being raising up the stack:
For the very first time in its history, the top 10 rating of vulnerabilities includes products from just two companies: Adobe and Oracle (Java), with seven of those 10 vulnerabilities being found . . . → Read More: Windows Security Praised
Our Security Research and Defense team published a blog post, which is really interesting to read to understand how to protect Windows Vista and Windows 7: On the effectiveness of DEP and ASLR.
There is a lot of information on how both raise the bar for attackers. These are the key take away:
DEP and . . . → Read More: On the effectiveness of DEP and ASLR
A quick one: An interesting download location:
With the SDL Quick Security References (QSR), the Security Development Lifecycle (SDL) team introduces a series of basic guidance papers designed to address common vulnerabilities from the perspective of multiple business roles – business decision maker, architect, developer, and tester/QA. These papers will help you address a critical . . . → Read More: Security Development Lifecycle: Quick References
I think I told the story thousands of time and everybody knows it but I will do it the 1001st time now . When I joined Microsoft and became what is the Chief Security Advisor for Switzerland today, we had an airlift for Windows Server 2003. The Product Manager in Switzerland asked me to keynote . . . → Read More: The Importance of Application Security
And everybody tells me how secure they are….. So,according to this article Secunia: Apple makes the most vulnerable software in the market today, apple hast most vulns, then Oracle and then us (and then the rest). And you know, the interesting thing is that the comparison is not “apples with apples” as we tend to . . . → Read More: Secunia: Apple makes the most vulnerable software in the market today
The debate is probably as old as the Open Source software development model: Which one is more secure: Open Source or shared source as we at Microsoft run it? I know that we could now enter a religious debate about that, which I do not want to as I do not really believe in the . . . → Read More: Open Source and Hackers
I was recently pinged by a customer asking for the “real” version of this game. It was distributed at RSA in the US and I do not have any anymore – but you can still print it yourself.
So, if you want to introduce SDL or if you introduced it already and want to . . . → Read More: Want to introduce the Security Development Lifecycle? Play a Game
I often talk about how we learned to engineer security into the products and the results prove that we are on the right track. One of the challenges we always have is how to help the ecosystem to improve as well. One of the ways is to communicate through our website. Not, that this is . . . → Read More: Security Development Lifecycle – Website!