• Security Development Lifecycle: Quick References

    A quick one: An interesting download location:

    With the SDL Quick Security References (QSR), the Security Development Lifecycle (SDL) team introduces a series of basic guidance papers designed to address common vulnerabilities from the perspective of multiple business roles - business decision maker, architect, developer, and tester/QA. These papers will help you address a critical business problem now while moving you toward SDL adoption in the future.

    You can find them here.

    Roger

  • Publishing Secret or Sensitive Information

    With a lot of interest I followed the media on the latest Wikileaks’ publication of sensitive documents from the US Government. At least here in Europe, there is a huge debate whether this publication is really problematic for the United States. A discussion I do not want to comment on here, as I am not able to really judge.

    Let me start, however, with a case I had a while ago. I was called by a customer who lost data. The data was very, very sensitive and the customer is in a business where losing such data can really hurt. So, they called me and wanted forensic support. The interesting thing was that the criminal copied the sensitive data onto a CD and sent it to a very famous boulevard newspaper to be published. The only goal was to hurt the company. What I liked was the reaction of the newspaper: they called the company and told them that they most probably had a problem, handed them the CD including the data, and did an anonymous story about such challenges, taking this as an example without revealing who the company was.

    So, basically we have two fundamentally different tactics and ethics: one is to publish everything that gets into your hands for a moment of fame and probably money. The other one is trying to go for a win-win (as far as you can win if you lose data). Do you have the right to risk a company’s reputation or even a country’s safety “just” for this moment of fame?

    I leave that to you. My opinion is set.

    Roger

  • The Cloud is Also Green

    Yes, not only gray.

    Seriously, we commissioned a study to see what the impact of cloud computing is, not only on efficiency but also on the environment. Can you save CO2 by moving to the cloud? I think this is something we do not look at often enough. As pictures say more than 1000 words, here you see the overview of the results:

    This is fairly significant. The whole study can be found here: Is cloud computing also "greener" computing?

    Roger

  • Information Security Management System for Microsoft Cloud Infrastructure

    Just a quick one. Our Global Foundation Services organization (the ones who run our datacenters) just published a new whitepaper:

    Information Security Management System for Microsoft Cloud Infrastructure
    This paper describes the Information Security Management System program for Microsoft's Cloud Infrastructure, as well as some of the processes and benefits realized from operating this model. An overview of the key certifications and attestations Microsoft maintains to prove to cloud customers that information security is central to Microsoft cloud operations is included.

    Roger

  • New Baselines for the Security Compliance Manager

    New resources were just released for the Security Compliance Manager: the Windows Server 2008 R2 Security Baseline and the Office 2010 Security Baseline, as well as setting packs for Windows 7 and Internet Explorer 8. These packs help you manage your security and compliance.

    The Security Compliance Manager works with the Microsoft Assessment and Planning (MAP) Toolkit and the Microsoft Deployment Toolkit (MDT) to help you plan, securely deploy, and manage new Microsoft technologies—easier, faster, and at less cost. Learn more.

    These are the next steps proposed by the product team:

    Roger