Security Innovation Security Engineering Study

The Security Innovation Security Engineering study, Comparing Security in the Application Lifecycle – Microsoft and IBM Development Platforms Compared, is timely, given the emerging industry emphasis on integrating security in the life cycle. My favorite quote in the study is “The patterns & practices security guidance covers the key security engineering activities better than any other…


OpenHack 4 (eWeek Labs): Web Application Security

Whenever I bring up the OpenHack 4 competition, most aren’t aware of it. It was an interesting study because it was effectively an open “hack me with your best shot” competition. I happened to know the folks on the MS side, like Erik Olson and Girish Chander, that helped secure the application, so it had…


@Stake Security Study: .NET 1.1 vs. WebSphere 5.0

I like competitive studies. I’m usually more interested in the methodology than the outcome. The methodology acts as a blueprint for what’s important in a particular problem space. One of my favorite studies was the original @Stake study comparing .NET 1.1 vs. IBM’s WebSphere security, not just because our body of guidance made a direct and substantial difference in the outcome, but…
