I think I am going to rename this blog “Stuff that doesn’t fit into 140 chars” (stolen from Chris Anderson). I am mainly posting on Twitter these days, you can follow me here www.twitter.com/curphey .
I am not sure how I missed this absolute gem of a blog post but I did. It’s a great read [...]
Archive for the 'Software Security' Category
Gem of a Security Post
June 15, 2009SDL in Visual Studio Team System
May 19, 2009….has arrived.
Full details here.
Beautiful Security
May 11, 2009I have just got a few copies of Beautiful Security though the mail. Always nice to see your name on the cover of a book and your work in print.
http://oreilly.com/catalog/9780596527488/
Series of Static Analysis Posts
December 22, 2008If you haven’t downloaded it here (or here if you run 64 bit) and run it against your .NET code you probably should.
To support the CTP release of CAT.NET Andreas Fuchsberger (developer on CISG) and Ben Livshits (Microsoft Research) will be posting a series of blogs over the next few weeks about the work behind [...]
CAT.NET and Anti-XSS 3.0 Released for Free
December 15, 2008We have just released a free static analysis tool for .NET and the open source Anti-XSS 3.0 library (complete with Security Run-Time Engine).
http://blogs.msdn.com/cisg/archive/2008/12/15/anti-xss-3-0-beta-and-cat-net-community-technology-preview-now-live.aspx
Security Runtime Engine
October 24, 2008Today we posted some preview details about a .NET security runtime engine we have been working on that overloads encoding methods in the .NET framework. It’s pretty cool, running at near native speed!
http://blogs.msdn.com/cisg
Consumer Application Security or Enterprise Application Security ?
October 21, 2008When Linus Torvalds wrote about the security circus he echoed a lot of the sentiment I have felt for a while; when it comes to software security, people care about the wrong things for the wrong reasons. The sensationalism that follows the release of security bugs is of course understandable. The popular press want to [...]
NSA Posts Secrets to Writing Secure Code – Write at 38 LOC Per Day
October 21, 2008The National Security Agency has released a case study showing how to cost-effectively develop code with zero defects. If adopted widely, the practices advocated in the case study could help make commercial software programs more reliable and less vulnerable to attack, the researchers of the project conclude.
The case study is the write-up of an NSA-funded [...]

The Future : Regulation is Futile – Market Forces Will Prevail
April 28, 200939,000 ft over yet another ocean ……
I just watched an old Bill Joy talk from Ted 2006 via iTunes. Two key paraphrases struck me as prophetic.
“You can’t regulate the problem away”
“What we need is better networks”
In 2005 I did a series of public speaking events using a theme Naked security in which I stripped [...]
Categories: Information Security Economics, Long Tail Security, Microsoft, Platforms, Royal Holloway ISG, Second Life, Security 2.0, Security Industry, Security Platforms, Security metrics, Social Networking, Software Development, Software Security, Technology Commentary, Working at Microsoft, information security, open source
Comments: 6 Comments