We have just released a free static analysis tool for .NET and the open source Anti-XSS 3.0 library (complete with Security Run-Time Engine).
http://blogs.msdn.com/cisg/archive/2008/12/15/anti-xss-3-0-beta-and-cat-net-community-technology-preview-now-live.aspx
Archive for the 'Software Development' Category
CAT.NET and Anti-XSS 3.0 Released for Free
December 15, 2008Modelling Throughout the Ages
November 18, 2008Just brilliant!
http://www.modelsremixed.com
Requires SilverLight…..
Azure – The Microsoft Cloud Arrives!
October 27, 2008Azure Platform Home Page
Windows Azure – The Cloud Services Operating System
.NET Services – Access Control, Services Bus and Workflow
SQL Services – Database Services
Live Services – LiveID, LiveEarth, Contacts
Digest that for a while (yes it really is that big), chuck in some LiveMesh and you’ll realize that Microsoft is now not the company you may think [...]
Security Runtime Engine
October 24, 2008Today we posted some preview details about a .NET security runtime engine we have been working on that overloads encoding methods in the .NET framework. It’s pretty cool, running at near native speed!
http://blogs.msdn.com/cisg
Consumer Application Security or Enterprise Application Security ?
October 21, 2008When Linus Torvalds wrote about the security circus he echoed a lot of the sentiment I have felt for a while; when it comes to software security, people care about the wrong things for the wrong reasons. The sensationalism that follows the release of security bugs is of course understandable. The popular press want to [...]
NSA Posts Secrets to Writing Secure Code – Write at 38 LOC Per Day
October 21, 2008The National Security Agency has released a case study showing how to cost-effectively develop code with zero defects. If adopted widely, the practices advocated in the case study could help make commercial software programs more reliable and less vulnerable to attack, the researchers of the project conclude.
The case study is the write-up of an NSA-funded [...]
Free Atlas of Cyberspace
October 20, 2008
I used to spend hours playing with Mappa Mundi tool (screen shots in the book) envisaging ways you could map security properties to parts of a web system and infer meaning. This totally free eBook (you can pay for the print version) is brilliant.
(The full content can be downloaded here, made available on Creative [...]
Security Technology UX
October 19, 2008I just can’t wait until security technology has UX as good as this
It maybe Hollywood fantasy today but with Silverlight and other technologies it’s not a million miles away these days.
The Future : Regulation is Futile – Market Forces Will Prevail
April 28, 200939,000 ft over yet another ocean ……
I just watched an old Bill Joy talk from Ted 2006 via iTunes. Two key paraphrases struck me as prophetic.
“You can’t regulate the problem away”
“What we need is better networks”
In 2005 I did a series of public speaking events using a theme Naked security in which I stripped [...]
Categories: Information Security Economics, Long Tail Security, Microsoft, Platforms, Royal Holloway ISG, Second Life, Security 2.0, Security Industry, Security Platforms, Security metrics, Social Networking, Software Development, Software Security, Technology Commentary, Working at Microsoft, information security, open source
Comments: 6 Comments