If you haven’t downloaded it here (or here if you run 64 bit) and run it against your .NET code you probably should.
To support the CTP release of CAT.NET Andreas Fuchsberger (developer on CISG) and Ben Livshits (Microsoft Research) will be posting a series of blogs over the next few weeks about the work behind [...]
Archive for the 'ACE Team' Category
Series of Static Analysis Posts
December 22, 2008CAT.NET and Anti-XSS 3.0 Released for Free
December 15, 2008We have just released a free static analysis tool for .NET and the open source Anti-XSS 3.0 library (complete with Security Run-Time Engine).
http://blogs.msdn.com/cisg/archive/2008/12/15/anti-xss-3-0-beta-and-cat-net-community-technology-preview-now-live.aspx
The Five Year Business Dream
March 6, 2008It’s true, I read about it in one of those productivity blogs you know; the ones that are so compelling that they actually make you totally unproductive while reading them. Boom boom, he’s on all night ladies and gentlemen. The gist of the post was that you should write down your five year goal in [...]
Tenets of Effective BPM
February 28, 2008It’s no real secret what I am doing at Microsoft although I haven’t really blogged about it much. I do plan to start in the coming weeks with some long posts about platforms, information security BPM, applying business management techniques to the information security discipline, dashboards and business intelligence etc.
Before I do that and hot [...]
Andreas Fuchsberger Joins the Microsoft ACE Team
February 27, 2008A warm welcome to Andreas Fuchsberger who joins our team next week. Andreas lectures application security on the Royal Holloway Information Security Masters Degree and among other things participates in the ISO Security Standards process. We worked together before at ISS, in the mid-nineties he was one of my lecturers and we are delighted to [...]
FaceBooks is Tiring Fast and Here’s Why
February 23, 2008So I don’t get accused of jumping on the bandwagon in months to come, I have today drawn some new conclusions about platforms and “next.0″ Internet apps. As we all watch on to see if FaceBook topples back into the blue ocean or becomes a Google, my current conclusion is that I am simply bored [...]
Raffaele Rialdi on Threat Modelling
February 18, 2008There is a nice video on the Virtual TechEd site here of RR, a Security Developer MVP.
Raffaele Rialdi sits down with Lori Grosland and explains his work with security and the software development life cycle. He also talks about threat modeling and how there are new ways that it is being used to identify [...]
Hello SecureWorld
January 25, 2008Virtual labs, Videos and more
http://www.microsoft.com/click/hellosecureworld/default.mspx
Good Times Rolled in Israel
January 18, 2008[I wrote this blog post at 30,000 ft, listening to KT Tunstall's Drastic Fantastic album on my way back from a week in Tel Aviv. ]
In the New Year my part of the ACE Team expanded to include our Israel operations and I have been lucky enough to have inherited Alik Levin and Nimrod Luria. [...]
Generating a Security Code Review Checklist in Outlook 2007
January 17, 2008My colleague and legendary Hummus eater Alik Levin (that’s my plate at lunchtime today but rumours are that he once ate two) has written an excellent post about how to use the Guidance Explorer to generate a checklist while performing security code reviews.
His first post on his personal blog is here and a more comprehensive [...]

Recent Comments