Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along . . . → Read More: 10 Years of Trustworthy Computing at Microsoft
If you like Scott Chaney’s suggestion he made at ISSE this week called Collective Defense – Applying Public Health Models to the Internet he raised very good points about the different roles the participants in the Internet Health Ecosystem have to play. Into that, the following article fits in fairly nicely: Comcast to notify subscribers with infected PCs . . . → Read More: Responsibility of ISPs for the ecosystem?
As you know (I stress that fairly often ), I am Swiss. The reason why I am stressing this today is that I want to give you an example on security from the Swiss market: The banks here on place compete with each other – obviously. However, I have never seen the banks competing on . . . → Read More: Vulnerability Disclosure to Compete?
The debate is probably as old as the Open Source software development model: Which one is more secure: Open Source or shared source as we at Microsoft run it? I know that we could now enter a religious debate about that, which I do not want to as I do not really believe in the . . . → Read More: Open Source and Hackers
This morning I was reading an article called Google seeks to assure customers on cloud security practices on ComputerWeekly. I had to read this – obviously . It references a paper written by the Google Security Officer called Security Whitepaper: Google Apps Messaging and Collaboration Products. So, I read through it and to me it . . . → Read More: We Need Solid and Strong Transparent Processes for the Cloud
Ait ss you know from my postings on Cloud and security and the paper on the Cloud Security Considerations we wrote, I am convinced that there are five areas you should look at, when you try to migrate to the Cloud:
Compliance and Risk Management Identity and Access Management Service Integrity Endpoint Integrity Information Protection . . . → Read More: Customer Stories: Why it is not THAT easy to move to the Cloud
“Unfortunately” I have been on vacation when we released the Security Intelligence Report last week. Nevertheless I would like to take the opportunity and look at it more from a EMEA perspective.
One of the interesting data points we always publish is the Malware Infection Rate. Remember, there is a huge amount of data we . . . → Read More: Microsoft Security Intelligence Report – What it means for EMEA
I was reading a paper recently, where I initially thought it is a joke (it looked scientifically, therefore I was not too scared). But as our research department did it, it is serious and really, really good – at least it definitely made me think. It is called So Long, And No Thanks for the . . . → Read More: Why Today’s End-User Education Fails!
On February 24th we announced the work we did on taking down Waledac – read Tim Cranton’s blog post called Cracking Down on Botnets.
Now it is time to look back and try to understand what we learned so far. sudosecure traces the Waledac infections and give a good view of new infections by the . . . → Read More: Results of Operation b49 (Botnet Takedown)
I often talk about how we learned to engineer security into the products and the results prove that we are on the right track. One of the challenges we always have is how to help the ecosystem to improve as well. One of the ways is to communicate through our website. Not, that this is . . . → Read More: Security Development Lifecycle – Website!