SEARCH RESULTS
 
Showing 1-5 of 5 records

Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
Hi, Michael here. Happy New Year. Recently, Symantec issued a security advisory warning users of critical remote code-execution security vulnerabilities in various Symantec email security products. The bugs caught my eye for a number of reasons. First and foremost, security bugs in security products are always of great interest and concern to me,...
 
 
 
 
 

Don't Try This At Home

2007-11-05 21:52:28 by sdl in The Security Development Lifecycle
 
No, it's not a post on why Adam should never volunteer to do a 12 part series on threat modeling, but rather, why inventing your own mitigations is hard, and why we suggest treading carefully if you need to go there. Let me first explain what I mean by mitigations because apparently there's some confusion. We have folks here at Microsoft who call...
 
 
 
 
 

Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
 
Scott Lambert here. I work on the Security Engineering Tools team where we're responsible for researching, developing and publishing tools to internal product and service teams. These include fuzzing, binary analysis and attack surface analysis tools. Previously, James Whittaker posted a blog entry on Testing in the SDL in which he mentioned that...
 
 
 
 
 

Sexy Development Lifecycle

2008-01-30 01:37:00 by sdl in The Security Development Lifecycle
 
Hi everyone, Bryan Sullivan here. I'm having something of a dilemma today. An important part of my job is keeping current with security issues so that we can provide appropriate guidance for dealing with those risks in the SDL. A great way to keep current with security issues is to hang out at hacker cons. Now on one hand, I really love hacker...
 
 
 
 
 

SDL and the XSS Filter

2008-08-27 15:35:00 by sdl in The Security Development Lifecycle
 
Steve Lipner here. When the Internet Explorer team posted the announcement about the XSS Filter feature in IE8 I asked some other members of the SDL blog team why aren't we talking about the new XSS Filter feature on the SDL blog? Bryan and Jeremy said something like that's a mitigation that only applies to specific clients and a subset of...
 
 
 
 
 
 
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia