Summaries from previous months: Jan09 Security Bulletin SDL Benefit Summary When I do analysis and reports on Microsoft products, I typically look for where the Security Development Lifecycle (SDL) has helped to provide improvement and provide some stats on that.  This year, I decided to try and do this monthly to make it easier for me that when I do it all at once. This report is my attempt to capture and share that information.  I hope you find it useful. February Summary First, here...

I love it when a good, real-life example falls right into your lap. As you know from my recent posts, I’ve been doing a series of articles probing Mozilla and Firefox security claims.  I think I’ve been pretty open about why, but I always seem to get pushback around the idea that there might be some false perceptions out there that I want to push back on. Well, yesterday, Ed Burnette posted a blog entry on his ZDnet blog titled Firefox 3.0.6 fixes 69 bugs, some critical .  This is of course...

I’ve been busy doing analysis for the next article in my cio.com Firefox series of articles, looking at vulnerability disclosures during 2007 and 2008 and I stumbled upon a little factoid that I had not previously noticed – no single version of Firefox was available for the full year of 2008. In retrospect, I should have known this would happen, given the Mozilla policy of supporting the predecessor version for 6 months after a new release. Here is what the timeline looks like:   In my interactions...

[DISCLOSURE for those who don’t read about boxes: I work for Microsoft.] I admit that I enjoy discussing issues and digging into claims to see if I can find fractures or flaws in logic. When I ran product management teams for companies in previous roles, I would always review our draft product glossies and papers and generate a lot of red ink, providing feedback like “we can’t make this claim, we have no evidence to support it.” There are some countries where that is a particular concern (though...