During my first 7 years at Microsoft, I spent most of my time working on security features such as access control, authentication, cryptography and so on. The next 12 years were spent in product groups and the Security Development Lifecycle ( SDL ) team working on software design, development and testing...

UPDATE - Hear what others are saying about this survey: (Dark Reading) Survey Says: More Than Half of Software Companies Deploying Secure Coding Methods (NetworkWorld) Code Writers Finally Get Security? Maybe (Help Net Security) Root issues causing software vulnerabilities Errata Security has released...

In cast you didn't see it, the Microsoft Security Response Center (MSRC) team just announced the release of three tools to help customers fend off SQL injection attacks: UrlScan 3.0 Beta ( see Wade Hilmo's blog for more ), a security tool that restricts the types of HTTP requests that Internet Information...

I wanted to mention to folks that a new Security Development Lifecycle (SDL) web site went up earlier this month on microsoft.com. Amazingly, you can navigate to it via http://www.microsoft.com/sdl , instead of some long name you'd never remember. Of course, once you navigate to that URL, you get redirected...