Practical Defense in Depth

<sent from Cabo San Lucas Airport – heading back to Austin > Crosstalk has published an article for mine regarding how we use Defense in Depth within the SDL, and in Microsoft in general.


Twitter Feed

I’ve been doing this Twitter thing for a while now – I really like it, folks can get a feel for what you’re up to each day. If you’re interested, you can see what I’m up to by clicking ‘Follow’ at


SDL Evolution

 UPDATED: Added IOActive post As many of you have seen today, there’s been plenty of press about us opening up the SDL for use by other software developers and releasing our threat modeling tool. For those of you who have no clue what the heck I’m talking about, here are a handful of articles about what…


James Whittaker has a blog

SDL alumnus James Whittaker has a blog. I meant to write a note on this weeks ago, but I kinda got busy! Anyway, if you’re a tester, or have a passing interest in test, James is one of the best and you should learn from him. He’s the author or coauthor of How to Break…


GOOG Chrome’s use of NX/DEP

Scott Hanselman has a look under Chrome’s hood and how it uses the new NX/DEP APIs we added to Windows. Scroll about halfway down the article.


Kim Cameron on GOOGs single sign on design vulnerability

I spoke with Kim Cameron a few days ago about Google’s single sign-on (SSO) design bug. I wanted his take on the bug because he’s one of the best in the area of identity, single sign-on etc etc… his response can only be described as scathing.


Katie Moussouris joins the SDL team

Dave Ladd just posted a note about Katie joing the ever-growing SDL team. For you twitter freaks out there she’s @k8em0 🙂 Welcome, Katie…