Not long ago, Microsoft was the chief butt of security jokes in the IT world. It’s safe to say that they no longer wear the crown - in fact they’ve moved to being a company often pointed to as ‘getting it right.’ And that’s coming from someone typing this post from his Ubuntu Linux laptop.
Microsoft has always been very developer focused. One of the most important shifts they’ve made has been to focus their communication on the message that security bugs are just another kind of software defect to be eliminated. I’m especially pleased that they decided to invest effort into combating a classification of bug as serious as XSS, by developing code automation tools. While not quite a replacement for SCA software like Fortify, it does cover one very serious issue using automated techniques. The Microsoft ACE Team blog just announced a ‘free’ tool (60 day beta) that’s worth checking out if you develop or security .NET web apps. Security Catalyst » Free Beta Anti-XSS Tool from Microsoft
From around the Web
- Windows Vista Service Pack 2 Latest Release Schedule
- Vista SP2: What is inside?
- NetWitness releases free version of security software
- Three Reasons Why Users Won’t Buy Into Security
- Automated security testing & its limitations
- Google Wants to Preinstall Chrome Browser on PCs
- Mozilla warns of Firefox China add on
- Firefox No Longer an Automatic Defense Against Browser Drive Bys
- Google patches Chrome file stealing bug
- Apple plays catch up, adds anti fraud safeguard to Safari
- Researchers find vulnerability in Windows Vista
- How to Use Network Behavior Analysis Tools
- The insider security threat in IT and financial services
- Windows 7 security: An overall improvement?
- Windows 7 UAC could be less of a nag