Understanding Service Credits under 99.9% Service Level Agreements (SLA)

The new Microsoft Online services represent an excellent option for businesses to base all or part of their Exchange, Sharepoint and MeetingPlace functionality within a Microsoft hosted data center. But what about Service Level agreements for these services. What happens, for instance, if the service goes down for 2 hours in the middle of the day?…

1

SDL Trickle Down Theory

I just read a new article over in CSO-Online about our VP of Trustworthy Computing at Microsoft, Scott Charney. In it, they refer to him as the “Axe Man” and his ability to stop products from rolling out due to security concerns Since Charney joined Microsoft, on five occasions vice presidents in charge of products have disagreed with…

0

US Senate introduces strong privacy bill – YOU are accountable

This bill was introduced last year, and is making the rounds again. Some of the wording that IT Management might want to read very carefully, centers on their accountability when certain data breaches occur: Key features of the bipartisan legislation include increasing criminal penalties for identity theft involving electronic personal data and making it a…

0

New Threat Analysis and Modeling (TAM) 2.1 tool released

Containing many bug fixes and some enhancements, this is a great tool for organizations who may not have dedicated teams of security analysts, but want to model their application and automatically generate many of the possible threats. The following are some of the improvements and features. Improvements/Fixes– Better Data validation (Tool identifies duplicate items, call…

0

Mono not mentioned in Novell WebCast – but it is in the FAQ

As a developer, the first thing I thought about with the Novell announcement was Mono and whether or not Microsoft would be putting resources toward that Herculean effort. Miguel makes reference to the FAQ which talks about this subject: Q: What does the patent agreement cover with regard to Mono and OpenOffice? Yes, under the…

0

Should we say goodbye to SecureString?

Dominick over at Least Privilege makes reference to the new functionality added to HawkEye which allows developers to display the contents of SecureString, and also change the current principal of the running thread. This looks like a really great debugging tool, and I’m thinking about paying the licensing fee to get a copy to play with…

0

Guidance Library filled with security goodness!

The folks over at the Patterns and Practices Team have done it again with the Guidance Library – containing all kinds of best practices, mini “How-Tos” and coding samples for .NET. What’s great about this site is that you can categorize the best practices by topic, including security, and create your own check lists for developers….

0

Don’t be a Security Nazi

I was out at a customer site last week and needed to have access to their internal corporate network to do some work for the week. Their process for providing access to outside consultants was actualy quite mature – basically, I needed to send an email to an internal address asking permission for access. A…

1

Two kinds of people – and the Orcas CTP as a VM!

There is an old saying out there: There are two kinds of people in the world – those who have lost all of their data, and those who will! I now count myself in the party of the first part. To make a long story short, I decided to upgrade to Windows Vista CTP a…

0

Problems with Vista Security in Europe

I was wondering when this issue was going to come up in the anti-trust discussions. It seems as if the EU commission is raising concerns that the ‘bundled’ security features of Microsoft Vista might block out competitors in the security space. To me, (and I’m really trying hard to not be bias here), the decision…

0