Common Criteria: Is it Safe?

My colleague, Eric Bidstrup, has posted a thought-provoking commentary about the Common Criteria. I think it’s fair to say Eric is simply voicing what a great many people think about the (lack of) value of CC.


Counterpoint to my SDL post

David has an interesting counterpoint post to my SDL post this morning. As expected he makes some valid observations.


Security is not all about Security Updates

I just posted an article about the SDL goals over on the SDL blog.


Today’s Dilbert :)

Perhaps I should change my name to “Mordac” From  


Oracle’s Original Unbreakable Paper

I know a lot of you have heard of, or know of, Oracle’s Unbreakable claims. I’m not going to get into the religious, technical or emotional claims around “Unbreakable”, but a few days ago I went to dig up the paper and couldn’t find it, so I searched the Web and sure enough, the paper…


I’m at TechEd in Barcelona this week

I’ll be there all week, I have a bunch of talks:

SEC201 – The Security Development Lifecycle (5 November 2007 Start: 17:45 Finish: 19:00 Room: Room 123)

SEC202 – Threat Modeling (6 November 2007 Start: 10:45 Finish: 12:00 Room: Room 116)

SEC402 – Fundamental Security Changes in Windows Vista (Wed, Nov 7 09:00 – 10:15 Room 116…


New Microsoft Security Intelligence Report Available

The latest Security Intelligence Report is now available. To quote the Web page: The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Each individual report focuses on data and trends observed in either the first or…


Dev Tip: Opening Commonly-Accessed Files

When I’m writing code, there’s one file I need to access constantly – WinError.h, the file that lists all the Windows error constants. SSSSoooo… I had to find a way to get to the file which is buried somewhere in the C:\Program Files\blah blah\Visual Studio blah blah\VC\something\include\lots-of files-starting-with-‘W’-and-ending-in-‘h’ folder, often and quickly. What I did was…