Security Development Lifecycle: Quick References

A quick one: An interesting download location: With the SDL Quick Security References (QSR), the Security Development Lifecycle (SDL) team introduces a series of basic guidance papers designed to address common vulnerabilities from the perspective of multiple business roles – business decision maker, architect, developer, and tester/QA. These papers will help you address a critical…

Information Security Management System for Microsoft Cloud Infrastructure

Just a quick one. Our Global Foundation Services organization (the ones who run our datacenters) just published a new whitepaper: Information Security Management System for Microsoft Cloud Infrastructure This paper describes the Information Security Management System program for Microsoft’s Cloud Infrastructure, as well as some of the processes and benefits realized from operating this model.…

Stuxnet talks – do we listen?

Stuxnet is a severe threat – that’s something we know for sure. But if we look at it – what do we really know? What can we learn? Let’s start from the beginning. As soon as Stuxnet hit the news, it was interesting to see, what was happening. There was a ton of speculation out…

Can cloud security ever work?

An interesting question, posed by V3.co.uk: Can cloud security ever work? – How relevant is the question by itself? When computers and especially personal computers were introduced, people asked as well whether the security on a PC will ever work – the question is just not relevant. Let’s face it: The Cloud will come! Period. We just have to figure out, how we will manage risks in the Cloud – that’s our job.