If you haven’t downloaded it here (or here if you run 64 bit) and run it against your .NET code you probably should.
To support the CTP release of CAT.NET Andreas Fuchsberger (developer on CISG) and Ben Livshits (Microsoft Research) will be posting a series of blogs over the next few weeks about the work behind [...]
Archive for the 'Information Security Economics' Category
Series of Static Analysis Posts
December 22, 2008The World Has Started to Slope Backwards
December 17, 2008‘….A few months ago, a major Bangalore-based infotech company lost out on a $8 million contract. The company was expecting a business delegation to visit India before signing the contract, but 15 days before the date set for the deal, the meeting was abruptly called off.
The same team went to China instead. When the Indian [...]
CAT.NET and Anti-XSS 3.0 Released for Free
December 15, 2008We have just released a free static analysis tool for .NET and the open source Anti-XSS 3.0 library (complete with Security Run-Time Engine).
http://blogs.msdn.com/cisg/archive/2008/12/15/anti-xss-3-0-beta-and-cat-net-community-technology-preview-now-live.aspx
ISO Security Standards – JTC27 Trip Report
October 24, 2008If you are interested in following what’s happening in the ISO Security Standards world, you can navigate to the CISG blog and read our trip report.
http://blogs.msdn.com/cisg/
Enigma – Crypto for Kids
October 21, 2008
Brilliant!
http://blog.wired.com/geekdad/2008/10/enigma-crypto-c.html
Consumer Application Security or Enterprise Application Security ?
October 21, 2008When Linus Torvalds wrote about the security circus he echoed a lot of the sentiment I have felt for a while; when it comes to software security, people care about the wrong things for the wrong reasons. The sensationalism that follows the release of security bugs is of course understandable. The popular press want to [...]
NSA Posts Secrets to Writing Secure Code – Write at 38 LOC Per Day
October 21, 2008The National Security Agency has released a case study showing how to cost-effectively develop code with zero defects. If adopted widely, the practices advocated in the case study could help make commercial software programs more reliable and less vulnerable to attack, the researchers of the project conclude.
The case study is the write-up of an NSA-funded [...]
OWASP CISO Panel
October 20, 2008I didn’t go to OWASP NYC (put off by the vulnerability circus to be brutally honest) but I just watched the CISO panel and it’s just fantastic to see a panel of CISO’s discussing really important application security topics.
Jim Routh
‘…..view application security as a supply chain management problem’. Very wise!
‘Static analysis tools are most effective [...]
The Future : Regulation is Futile – Market Forces Will Prevail
April 28, 200939,000 ft over yet another ocean ……
I just watched an old Bill Joy talk from Ted 2006 via iTunes. Two key paraphrases struck me as prophetic.
“You can’t regulate the problem away”
“What we need is better networks”
In 2005 I did a series of public speaking events using a theme Naked security in which I stripped [...]
Categories: Information Security Economics, Long Tail Security, Microsoft, Platforms, Royal Holloway ISG, Second Life, Security 2.0, Security Industry, Security Platforms, Security metrics, Social Networking, Software Development, Software Security, Technology Commentary, Working at Microsoft, information security, open source
Comments: 6 Comments