This article in our series focused on Microsoft’s free security tools is on the Security Development Lifecycle (SDL) banned.h header file. This is an important tool for developers who are trying to minimize the number of security vulnerabilities that exist in the C or C++ code they write.  It’s also important for IT Professionals to know about this tool as they can ask the ISVs and developers of the applications they deploy and operate in their environments whether they were developed using banned.h.

...

Today at RSA China, Jing de Jong-Chen (senior director, Trustworthy Computing) delivered a keynote outlining the next steps in Microsoft’s evolved security, privacy and reliability strategies for cloud and big data. Scott Charney’s Trustworthy Computing Next whitepaper highlights several interesting computing trends right now:

...

This week we launched a new Windows Phone application that is designed to provide our readers with an easy way to access Trustworthy Computing blogs through their Windows Phone devices. Our Trustworthy Computing Blogs provide customers with the latest insights from our security, privacy and reliability experts, information on mitigation tools, secure development, security updates, tips and tricks and much more.  The application is available today in the Windows Phone marketplace and I encourage you to download it and share your feedback. 

...

This article in our series focused on Microsoft’s free security tools is on the Security Development Lifecycle (SDL) Threat Modeling Tool.

For a quick backgrounder on threat modeling, let me recommend an article that my colleague, Michael Howard, recently published on threat modeling. 

...

This blog post is part of a continuing series on the Trust in Computing Research , a survey we undertook across nine countries and thousands of individuals during a project called TwC Next . During the process, more questions than answers arose in discussions about all of the computing and technology trends that society is currently experiencing and how they affect people’s trust in technology. This blog post specifically looks at the questions we asked about devices and the concept of consumerization...

Last week, Jan Neutze and I participated in a dinner discussion on “Building a Secure Cyber Future” that the German Mission to the United Nations and the Atlantic Council organized for the members of the United Nations Group of Government Experts (GGE) on Developments in the field of Information and Telecommunications in the context of International Security. The GGE is an important entity consisting of 15 designated experts who – while individually appointed by UN Secretary-General...

During my first 7 years at Microsoft, I spent most of my time working on security features such as access control, authentication, cryptography and so on. The next 12 years were spent in product groups and the Security Development Lifecycle ( SDL ) team working on software design, development and testing practices across the company in order to help defend against security threats. The past year was a big change for me, as I am now working directly with Microsoft customers helping them implement...

This article in our series focused on Microsoft’s free security tools is on a tool called BinScope Binary Analyzer.  This tool can be helpful for both developers and IT professionals that are auditing the security of applications that they are developing or deploying/managing. 

...

Over the past few years we have seen growing interest from our readers on the topic of Cybersecurity related to the public sector and critical infrastructure.  At Microsoft one of the teams focused on providing cybersecurity consulting services to our customers is the Microsoft Consulting Services (MCS) Cybersecurity team, led by its General Manager Pat Arnold.

...

This article in our series focused on Microsoft’s free security tools is on the Enhanced Mitigation Experience Toolkit (EMET).  EMET is a very popular security tool among the CISOs and security professionals I talk to because it helps them manage security mitigations for applications running in their environments.  Security mitigations like Address space layout randomization (ASLR) and Data Execution Prevention (DEP) can help make vulnerabilities very hard or even impossible to exploit reliably. 

...