Ask Learn
Preview
Please sign in to use this experience.
Sign inNote
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
A Simple Software Security Guy at Microsoft!
Over the last couple of months, I have worked with some customers still using custom-written ActiveX...
Date: 06/03/2016
I received many comments from people asking me to clarify the following line from my previous blog...
Date: 05/20/2016
Almost 100% of my security work these days involves helping customers deploy their solutions on...
Date: 05/13/2016
I have been programming in C and C++ since I was 15 years old. And no, I won’t tell you how...
Date: 03/08/2016
I'm heading to TechEd Oz and NZ in a couple of hours to present the following: SEC312 The...
Date: 09/06/2009
https://blogs.msdn.com/sdl/archive/2009/07/28/atl-ms09-035-and-the-sdl.aspx
Date: 07/28/2009
I’ve been a firm believer of integrating as much security tooling as possible into the development...
Date: 05/19/2009
This was fun to write; in fact, other than minor edits I wrote it in a single two hour sitting with...
Date: 05/01/2009
Following close on the heels of security experts Matt Miller, Adam Shostack and Crispin Cowan...
Date: 03/24/2009
"For 25 years, Microsoft Press books have focused on helping you take your skills and knowledge to...
Date: 12/30/2008
https://searchsoftwarequality.techtarget.com/news/article/0,289142,sid92_gci1340940,00.html#
Date: 12/08/2008
At this point most of you have heard about the Microsoft SDL and some of activities and deliverables...
Date: 11/19/2008
David LeBlanc has an excellent write-up of the results (so far) of all the security work the Office...
Date: 11/17/2008
Volume 5 of the Microsoft Security Intelligence Report is now out, highlights include: Security...
Date: 11/03/2008
Bryan Sullivan and I wrote a couple of articles for this month's MSDN Magazine. If you're not aware,...
Date: 10/28/2008
Over the last year or so, a bunch of us in the SDL team have been working with agile groups across...
Date: 10/28/2008
Today, SAFECode released an important document entitled, “Fundamental Practices for Secure Software...
Date: 10/08/2008
<sent from Cabo San Lucas Airport - heading back to Austin > Crosstalk has published an...
Date: 09/26/2008
I've been doing this Twitter thing for a while now - I really like it, folks can get a feel for what...
Date: 09/17/2008
UPDATED: Added IOActive post As many of you have seen today, there's been plenty of press about us...
Date: 09/17/2008
SDL alumnus James Whittaker has a blog. I meant to write a note on this weeks ago, but I kinda got...
Date: 09/15/2008
Scott Hanselman has a look under Chrome's hood and how it uses the new NX/DEP APIs we added to...
Date: 09/15/2008
I spoke with Kim Cameron a few days ago about Google's single sign-on (SSO) design bug. I wanted his...
Date: 09/15/2008
Close on the heels of David Ross' XSS defense in IE8 beta 2, my boss, Steve Lipner just posted an...
Date: 08/27/2008
Every once in a while a security bug pops up that really piques my interest, and a new directory...
Date: 08/22/2008
I just wrapped up a post over on the SDL blog with some comments about an article on Google's...
Date: 08/14/2008
https://twitter.com/alexsotirov/statuses/882866444
Date: 08/12/2008
I just wrote a post over on the SDL blog about how to get started with fuzzing,...
Date: 07/31/2008
Gotta love Robert's sarcasm.. but he's right.
Date: 07/29/2008
SDL alum, Shawn Hernan (now in the SQL Server team), has written an excellent post about SQL Server...
Date: 07/02/2008
I just added a post over on the SDL blog about heap corruption and process termination as well as...
Date: 06/07/2008
I just posted an article on the SDL blog about the recent news of SQL injection vulnerabilities...
Date: 05/16/2008
It had to happen. Since joining Microsoft a few short months ago, Crispin Cowen now has a blog. He's...
Date: 04/28/2008
I just posted an article over on the SDL blog about security metrics in reponse to an analyst's...
Date: 04/18/2008
Dave Ladd has just made a (long) post over on the SDL blog announcing the availability of the SDL...
Date: 04/09/2008
Eric Lawrence just posted some commentary about IE8 and DEP/NX. As you may know, IE7 supports...
Date: 04/08/2008
David LeBlanc and I (and a bunch of others) just had a little email exchange about some fascinating...
Date: 04/04/2008
These are pretty cool - I'm a big fan of highly focused, short education like this......
Date: 03/30/2008
Update: Added Microsoft bulletin stuff. I'm always looking up CVEs so I want to get to the data as...
Date: 03/18/2008
MSDN Magazine has just published an article I wrote that collects many of the various C and C++...
Date: 03/17/2008
Following on from my recent post about Windows Vista security and the SDL, a number of people have...
Date: 03/06/2008
Windows Server 2008 has shipped! And a fine product it is, too! Windows Server 2008 is the first...
Date: 03/04/2008
I just wrote an article over on the SDL blog about my observations from the industry to Jeff Jones'...
Date: 02/21/2008
2/19 - Added some Minor Tweaks Perhaps it's the phase of the moon or something, but over the last...
Date: 02/18/2008
Today SAFECode, the Software Assurance Forum for Excellence in Code, introduced its first white...
Date: 02/14/2008
My colleague Eric Bidstrup has just posted a thought provoking article on the SDL blog about...
Date: 02/06/2008
In the interests of helping secure the platform, we want more people to opt-in to using Data...
Date: 01/29/2008
My kids are desperate for pets; my six-year old son wants a dog (note, a dog, not a puppy!) and my...
Date: 01/20/2008