Should we say goodbye to SecureString?

Dominick over at Least Privilege makes reference to the new functionality added to HawkEye which allows developers to display the contents of SecureString, and also change the current principal of the running thread. This looks like a really great debugging tool, and I’m thinking about paying the licensing fee to get a copy to play with…


Guidance Library filled with security goodness!

The folks over at the Patterns and Practices Team have done it again with the Guidance Library – containing all kinds of best practices, mini “How-Tos” and coding samples for .NET. What’s great about this site is that you can categorize the best practices by topic, including security, and create your own check lists for developers….


Don’t be a Security Nazi

I was out at a customer site last week and needed to have access to their internal corporate network to do some work for the week. Their process for providing access to outside consultants was actualy quite mature – basically, I needed to send an email to an internal address asking permission for access. A…


Two kinds of people – and the Orcas CTP as a VM!

There is an old saying out there: There are two kinds of people in the world – those who have lost all of their data, and those who will! I now count myself in the party of the first part. To make a long story short, I decided to upgrade to Windows Vista CTP a…