Security Wiki on Channel9

  • Article

Today, I cleaned up my Security Wiki on Channel9 at https://channel9.msdn.com/Security

The purpose of this Wiki is to let me share information that may not be completely fit and finish like on MSDN.  This comes in handy for a few things:

  • EcoSystem.  It's a part of my security information ecosystem.  Effectively, I flow information from my internal Wiki to Channel9 and then to MSDN at https://msdn.com/SecurityGuidance, as the information morphs from quick and dirty to more polished.  Think of it as incrementally rendering guidance and various degrees of "good enough".
  • Emerging and volatile information.  I like carving out the volatile information from the more stable information.  If the information is too volatile, I prefer to keep it on the Wiki and let the churn wear down before moving to MSDN.  For example, while we continue to learn the FAQs, I like having the ASP.NET 2.0 Security FAQ on the Wiki.
  • Experiments.  I like using the Wiki to explore ideas.  This could be a new way to see information or a new way to capture information.
  • Feedback.  I like proactive feedback.  With the Wiki, I can send links to Wiki pages to my customer base and ask their thoughts.  It's also easy to for customers to add comments to the end of a Wiki page.
  • "Good enough" information.  This may be the single most important feature.  Some information never quite makes the bar to be published on MSDN, but gets 80% of the way there.  For example, we didn't flesh out our ASP.NET 2.0 Security Scenarios and Solutions during our Security Guidance for .NET 2.0 project, but that doesn't mean you can't use them as is, to maybe save yourself a few cycles of your own pathfinding.
  • Indexes and views.  The Wiki let's me quickly mock up new ways to see information.  For example, I was able to create indexes for security checklists, security guidelines, and security how tos.  I later used this model on MSDN.  It also let me test out a way to present FAQs (see the ASP.NET 2.0 Security FAQ)
  • Stories and meta-information.   The Wiki is a good place to share some of the thinking and the behind the scenes.  In one example, I put together the key components of our application security methodology.  It's a bit choppy and more visual than text, but some customers were curious about the foundation of our guidance.  In another example, Ward shares his experience walking through end to end application scenarios with our p&p security team in "Making My First Scenario and Solution"

What's in store going forward for Security Wiki?  Well, potentially a lot.  I'm still thinking through some of the possibilities.  If you have things you'd really like to see more of, let me know, and I'll see what I can do.