Archive for the 'Software Development' Category

« Mark Curphey - SecurityBuddha.com home page
« Previous Entries
Next Entries »

CISG Team Blog

August 25, 2008

The CISG Team Blog is now operational. We are initially blogging about things we are doing with Anti-XSS (and related technologies) but plan to expand to cover our bigger projects over the coming months.
You can expect a wide range of posts from program management, user experience and code level developer commentary.
http://blogs.msdn.com/cisg/

Categories: CISG, Information Security Economics, Microsoft, Security Blogs, Security Platforms, Software Development, Software Security, Threat Modeling, Web Security, Working at Microsoft

Comments: 2 Comments

Torvalds on the "Security Circus"

July 18, 2008

According to CNET, in an e-mail to the Linux kernel developer mailing list, Torvalds said a section of the security industry was dedicated to finding bugs in software only to publicize their findings and gain notoriety.
Torvalds wrote that disclosing the bug itself was enough, without having to label each individual security flaw. He added [...]

Categories: Security Industry, Software Development, open source

Comments: 6 Comments

Code Junkie? Check This Out

June 12, 2008

RV is one of my core framework developers. His blog on MSDN is http://blogs.msdn.com/codejunkie/default.aspx. He will be contributing to our team blog when we open it in a few weeks. In the meantime check out his personal blog for workflow, web services, Team Foundation Server and other great .NET coding stuff.
Updated: Curphey …..”reminds me [...]

Categories: CISG, Microsoft, Software Development, Software Security, Working at Microsoft

Comments: Be the first to comment

The Real 80 / 20 Rule

June 10, 2008

It’s all about the framework (again)!

Categories: Frameworks, Information Security Economics, Microsoft, Platforms, Security Industry, Security Platforms, Social Networking, Software Development

Comments: Be the first to comment

GRC - Why It’s of LIMITED Interest to Me

June 10, 2008

I wanted to post a “rah rah” message to Rich Mogul when he posted that GRC platforms Are Dead. He was so spot on in my humble opinion that he made me smile for a week or so. I may be a bolshy arrogant git confident but re-assurance from smart people is always comforting. Today [...]

Categories: CISG, Compliance, Dashboards, Frameworks, Information Security Economics, Long Tail Security, Microsoft, Platforms, Security Industry, Security Platforms, Security metrics, Social Networking, Software Development, Working at Microsoft

Comments: 4 Comments

I am changing my blog subscriptions - Your help is needed

June 10, 2008

I am bored of the same old crap coming across my feed reader so I have decided to experiment; be ruthless and un-subscribe from anything that I don’t read (value) regularly and look for new fresh thinking and opinions. Sure the odd gem can be, well a “gem” and I may miss them but I [...]

Categories: Blogonomics, Blogroll, Information Security Economics, Security Industry, Software Development

Comments: 2 Comments

TechEd North America 2008

April 13, 2008

I will be speaking at TechEd in Orlando in June (and probably the TechEds in Australia and New Zealand in September).
The Connected Information Security Group - CISG, part of the Microsoft corporate information security team are working on a technology framework and set of applications to support corporate information security management programs. The Microsoft  and [...]

Categories: Cool Business, Information Security Economics, Microsoft, Platforms, Security Platforms, Software Development, Speaking, Working at Microsoft

Comments: 2 Comments

LinkedIn 2.0 + Neat IE8 Feature

March 6, 2008

 
How good is this!! A benchmark in web 2.0 usability if you ask me.
Also note the address bar. All host info is in light grey and the domain is in black. Simple but very clever UI design to help people become aware of phishing sites.

Categories: Productivity, Social Networking, Software Development

Comments: 1 Comment

Checklists -The Preserve of the Intelligent

February 17, 2008

As the New Yorker says “If something so simple can transform intensive care, what else can it do?”. Dennis Groves sent me this article a week ago and I read it twice. Each time I couldn’t stop myself thinking about how many people in the information security industry shun checklists and considering why this is. [...]

Categories: Cool Business, Information Security Economics, Productivity, Security Industry, Software Development

Comments: 4 Comments

Hello SecureWorld

January 25, 2008

Virtual labs, Videos and more
http://www.microsoft.com/click/hellosecureworld/default.mspx

Categories: ACE Team, Microsoft, Software Development, Software Security, Web Security, Working at Microsoft

Comments: 2 Comments

« Previous Entries
Next Entries »