Archive for the 'Software Security' Category
« Mark Curphey - SecurityBuddha.com
June 12, 2008
RV is one of my core framework developers. His blog on MSDN is http://blogs.msdn.com/codejunkie/default.aspx. He will be contributing to our team blog when we open it in a few weeks. In the meantime check out his personal blog for workflow, web services, Team Foundation Server and other great .NET coding stuff.
Updated: Curphey …..”reminds me [...]
Categories: CISG, Microsoft, Software Development, Software Security, Working at Microsoft
June 12, 2008
Alex Hutton posted this follow-up on my first post about checklists. He is of course spot on. Checklists in my humble opinion can provide a State of Nature, but can’t provide a State of Knowledge or a State of Wisdom (nice phrases). They certainly don’t do computation or analysis but what they do is [...]
Categories: Cool Business, Frameworks, Information Security Economics, Microsoft, Security Platforms, Software Security
June 10, 2008
Counting What Really Counts
Adapted from an article by Harry Robinson, Six Sigma test productivity program manager at Microsoft, and sent to me by Daisy Huss on the ACE Team.
The original article was published in Interface in December 2001.
Scene one. You are picnicking by a river. You notice someone in distress in the water. You [...]
Categories: Software Security
Comments: 1 Comment
June 8, 2008
My cool security friend JD has done it again (in BETA).
http://www.codeplex.com/WCFSecurityGuide
These things are the definitive guides to the topic. Masterpieces!
Download the Improving Web Services Security Guide (BETA)
Categories: Information Security Economics, Microsoft, Software Security, Web Security, Working at Microsoft
Comments: 1 Comment
February 12, 2008
I just love this pragmatically argued “Back of the Envelope” theory by Pete Lindstrom.
Categories: Information Security Economics, Software Security
January 25, 2008
Virtual labs, Videos and more
http://www.microsoft.com/click/hellosecureworld/default.mspx
Categories: ACE Team, Microsoft, Software Development, Software Security, Web Security, Working at Microsoft
Comments: 2 Comments
January 19, 2008
Something makes me smile, something makes me cringe. I am not sure which way is which; either way you have to admire the way Kleiner Perkins builds companies. Is the future of security start-ups all about the bling? (Apparently Perkins now lives near me in East Sussex BTW!)
The New Face of Cybercrime: Video Here.
Categories: Information Security Economics, Security Industry, Software Development, Software Security
January 17, 2008
My colleague and legendary Hummus eater Alik Levin (that’s my plate at lunchtime today but rumours are that he once ate two) has written an excellent post about how to use the Guidance Explorer to generate a checklist while performing security code reviews.
His first post on his personal blog is here and a more comprehensive [...]
Categories: ACE Team, Information Security Economics, Microsoft, Security Blogs, Software Development, Software Security, Threat Modeling, Web Security
Comments: 2 Comments
January 10, 2008
When a customer development team was recently asked to use the AntiXSS library, validate input and encode output for their web interface, they replied (and I quote) “we do not use cross site scripting”.
If any customer ever asks the single most effective thing to effect a positive change on their software security program I [...]
Categories: Security Industry, Software Development, Software Security, Threat Modeling, Web Security
Comments: 16 Comments
January 9, 2008
New article from John Steer on my team
Security Policies in the Application Development Process
Categories: ACE Team, Microsoft, Software Development, Software Security, Threat Modeling, Web Security