This article in our series focused on Microsoft’s free security tools is on the Enhanced Mitigation Experience Toolkit (EMET).  EMET is a very popular security tool among the CISOs and security professionals I talk to because it helps them manage security mitigations for applications running in their environments.  Security mitigations like Address space layout randomization (ASLR) and Data Execution Prevention (DEP) can help make vulnerabilities very hard or even impossible to exploit reliably. 

...

In this second article in my series focused on Microsoft’s free security tools, I’d like to introduce you to the Attack Surface Analyzer version 1.0.  Back in January of 2011 the Security Development Lifecycle team released a beta version of the Attack Surface Analyzer and today they announced the release of version 1.0.

...

This article in our series focused on Microsoft’s free security tools is on the Security Development Lifecycle (SDL) banned.h header file. This is an important tool for developers who are trying to minimize the number of security vulnerabilities that exist in the C or C++ code they write.  It’s also important for IT Professionals to know about this tool as they can ask the ISVs and developers of the applications they deploy and operate in their environments whether they were developed using banned.h.

...

Over the past few posts we’ve been covering the concept of the BYOD trend. We started with a foundation describing the origins and evolution of BYOD, followed by a closer examination of the pros and cons of BYOD from the employee perspective. This post will focus on BYOD from the point of view of the company or IT organization. In case you’re just joining us, let’s quickly recap what BYOD is. BYOD is an acronym for “bring your own device”. It’s a trend in business...

This article in our series focused on Microsoft’s free security tools is on a tool called BinScope Binary Analyzer.  This tool can be helpful for both developers and IT professionals that are auditing the security of applications that they are developing or deploying/managing. 

...

This article in our series focused on Microsoft’s free security tools is on the Security Development Lifecycle (SDL) Threat Modeling Tool.

For a quick backgrounder on threat modeling, let me recommend an article that my colleague, Michael Howard, recently published on threat modeling. 

...

Over the past few years we have seen growing interest from our readers on the topic of Cybersecurity related to the public sector and critical infrastructure.  At Microsoft one of the teams focused on providing cybersecurity consulting services to our customers is the Microsoft Consulting Services (MCS) Cybersecurity team, led by its General Manager Pat Arnold.

...

During my first 7 years at Microsoft, I spent most of my time working on security features such as access control, authentication, cryptography and so on. The next 12 years were spent in product groups and the Security Development Lifecycle ( SDL ) team working on software design, development and testing practices across the company in order to help defend against security threats. The past year was a big change for me, as I am now working directly with Microsoft customers helping them implement...

This blog post is part of a continuing series on the Trust in Computing Research , a survey we undertook across nine countries and thousands of individuals during a project called TwC Next . During the process, more questions than answers arose in discussions about all of the computing and technology trends that society is currently experiencing and how they affect people’s trust in technology. This blog post specifically looks at the questions we asked about devices and the concept of consumerization...

This week we launched a new Windows Phone application that is designed to provide our readers with an easy way to access Trustworthy Computing blogs through their Windows Phone devices. Our Trustworthy Computing Blogs provide customers with the latest insights from our security, privacy and reliability experts, information on mitigation tools, secure development, security updates, tips and tricks and much more.  The application is available today in the Windows Phone marketplace and I encourage you to download it and share your feedback. 

...