10 Years of Trustworthy Computing at Microsoft
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two lines: Oh, you are joining a desktop company? ...
10 Reasons to migrate off Windows XP
I would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very well by the industry. How you used technology, how you used the Internet, the ...
Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and Security
A long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards. Office 365 is the first and only major ...
Cybersecurity–More than a good headline
A lot of governments all across the globe are working on starting, restarting or pushing their Cybersecurity initiative. What often concerns me is, that the last real headline has more impact on the strategy and the themes to be addressed than a structure or a plan or a strategy.
This made us thinking about what is needed to run a successful Cybersecurity Agenda within a country? What themes ought to be ...
Microsoft SDL Team Releases New Security Testing Tools By Roger Halbheer, on September 16th, 2009 I often mention that we try to give you all the tools we have as long as it makes sense form a risk perspective. The risk perspective is a simple one: If we give it to you as our customer, we give it as well to the criminals.
There are two new tools which just made the bar and which are now released by the Security Development Lifecycle (SDL) team:
- BinScope Binary Analyzer is a verification tool that confirms they the use of the correct compiler and linker protections required by the SDL. One of the things we learned is that the right compiler settings may change a lot (if the compiler and the linker are able to deliver accurate security)
- MiniFuzz File Fuzzer is a simple file fuzzer that is designed to ease your introduction into fuzz testing by supplying file formats that your application would otherwise not expect.
So, if you develop in-house, look at them and make use of them. If not, make sure your supplier uses them or something similar (we do…)
Additionally, you might remember that we released a Security Development Lifecycle Template for VisualStudio earlier this year (Security Development Lifecycle Template – Your next step to “Secure Development). Based on your feedback the SDL team has written a whitepaper on how to integrate their practices into your own process template: Whitepaper: Manually Integrating the SDL Process Template
Roger
Related posts:
- SDL and End to End Trust
- Testing our Security Technology
- Microsoft awarded for Security
- The Impact of the Security Development Lifecycle
- Windows 7 E – the new Microsoft Proposal to European Commission
Leave a Reply
|
|
|
