As cloud computing matures, a growing number of organizations are interested in moving to cloud environments to help lower IT costs, increase efficiencies, and realize greater flexibility. However, organizations that consider cloud computing have also voiced a number of concerns. In multiple studies...

For years I have heard talk in the industry that much of the counterfeit software available on the Internet was preloaded with malware. How much of the counterfeit software available is preloaded with malware? What type of malware is preloaded on these systems and what does it allow the attackers to...

Recently I wrote a three part series of articles ( part 1 , part 2 , part 3 ) on the evolving threat landscape in the European Union. As I wrote in these articles, there has been a steep rise in the malware infection rates in some European countries that typically have some of the lowest malware infection...

Trending Security News Security news stories this week focused on smartphone security and GPS tracking; our Security Development Conference in DC; and a report on security technology trends with a few stories also covering malware stats and cyber-attacks. Here are the security news stories and two blog...

Trending Security News Security news stories this week continue to validate the importance of cybersecurity skills in the marketplace and FEMA released a new National Preparedness Report providing insights on the state of national critical infrastructure protection. Here are some of the security news...

Trending Security News Security news stories last week reported the House passed the CISPA bill; CNET reports Mac security ten years behind Microsoft; and infosecurity ran a story about the GAO that testified on Capitol Hill reporting there were 42,887 cybersecurity incidents last year. Here are some...

Security News Security news stories this week covered CISPA, a cybersecurity bill that continues to draw fire from privacy groups: some experts weigh the pros while others say the bill is too vague as written and predict it will be tabled. Also in the news Anonymous claims Pastebin censorship and creates...

Trending Security News Security news stories this week highlighted data breaches, tips on computer security, cybersecurity and online safety patterns and practices, and analysis in support and criticism of Cyber Intelligence Sharing And Protection Act (CISPA). Here’s our top news stories and blog...

Trending Security News Security news stories this week covered a failed attempt by Anonymous to bring down the Internet; latest malware stats for Macs; new government investments in understanding big data trends and building new cybercrime defenses; and eight UK universities who recognize excellence...

This week Business Roundtable (BRT) released its report Mission Critical: A Public-Private Strategy for Effective Cyber Security . Microsoft is an active participant in BRT and we believe this report includes key insights that can help inform and advance cybersecurity discussions that are currently happening...

The product of human ingenuity and innovation, cyberspace now delivers a range of critical services to more citizens around the world than ever before. Yet, the online world as we know it stands at the threshold of unprecedented change. Being invited to speak at the EastWest Institute’s Worldwide...

UPDATE - Hear what others are saying about this survey: (Dark Reading) Survey Says: More Than Half of Software Companies Deploying Secure Coding Methods (NetworkWorld) Code Writers Finally Get Security? Maybe (Help Net Security) Root issues causing software vulnerabilities Errata Security has released...

I do my work as standard user on Windows 7, just as I did with Windows Vista.  It is not a burden.  When I need to do an admin task, I put on my “admin” hat by switching to my admin account specifically and doing my admin thing and then logging off.  I don’t browse, I don’t download stuff...

A couple of days ago, Secunia published their Secunia 2008 Report , and one of their tables garnered quite a bit of attention with respect to Mozilla patching quickly: Brian Krebs , Washington Post, Fanning the Flames of the Browser Security Wars Brian Prince, eWeek, Security Report Ignites Firefox vs...

Summaries from previous months: Jan09 Security Bulletin SDL Benefit Summary When I do analysis and reports on Microsoft products, I typically look for where the Security Development Lifecycle (SDL) has helped to provide improvement and provide some stats on that.  This year, I decided to try and...

[DISCLOSURE for those who don’t read about boxes: I work for Microsoft.] I admit that I enjoy discussing issues and digging into claims to see if I can find fractures or flaws in logic. When I ran product management teams for companies in previous roles, I would always review our draft product glossies...

I am a couple of articles into my series: Can Mozilla Support Claims of Firefox Being the Most Secure Web Browser? , and Can Mozilla Support Claims of Firefox Being the Most Secure Web Browser? (Part 2) In part 2, I probed Mozilla’s usage of an ‘at risk’ chart to claim that their customers...

Mozilla bills Firefox as the most secure Web browser on the planet, but is it really? Follow along with this series and see if the claims hold up to close scrutiny. Today, I started a multi-part article series on cio.com (Security landing page: http://www.cio.com/topic/1419/Security ) probing Mozilla...

With the recent release of v5 of the Security Intelligence Report, I decided to produce a couple of webcast videos where I present my findings to you directly in a brief presentation. In this second one, I go over the vulnerability disclosure trends for vulnerabilities affecting Microsoft products. ...

With the recent release of v5 of the Security Intelligence Report, I decided to produce a couple of webcast videos where I present my findings to you directly in a brief presentation. In this first one, I go over the industry-wide trends.   1H08 Vulnerability Trends - Part1 - Industry To see all...

This morning, we released the latest version of the Microsoft Security Intelligence Report (SIRv5), examining industry-wide software vulnerability disclosures, Microsoft vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. I am one of the primary contributors...

This report looks at all of the vulnerabilities fixed by Apple, Microsoft, Red Hat and Ubuntu during the first half of 2008. At the vendor level, the report examines all vulnerabilities as well as Days of Risk (DoR) associated with those vulnerabilities. The report further drills down to examine just...

With Windows Server 2008, the Microsoft Windows Server team introduced a new installation option –Server Core. Server Core is a “minimal install” option of Windows Server that excludes much of the GUI and many applications – such as Internet Explorer and Windows Media Player – that would be present...

This paper is a compilation of vulnerability data for client operating systems for the first 3 month, January through March, of 2008. Vulnerabilities and fixes for the following products are discussed: Microsoft Windows Vista Microsoft Windows XP SP2 Red Hat Enterprise Linux Desktop (v. 5 client) Red...

In the wake of my Windows Vista One Year Vulnerability Report , I have received many questions regarding the current vulnerability record of Windows Vista as compares with Windows XP SP2. This short paper is a compilation of vulnerability data for Microsoft Windows Vista and Microsoft Windows XP SP2...