Comment Feed for Channel 9 - Microsoft Security Development Lifecycle (SDL) and Software Security Today http://ecn.channel9.msdn.com/o9/previewImages/100/501491_100x75.jpg Channel 9 - Microsoft Security Development Lifecycle (SDL) and Software Security Today The Microsoft Security Development Lifecycle (SDL) team recently released two new security tools, BinScope Binary Analyzer and MiniFuzz File Fuzzer, to help you write more secure code. Jeremy Dallman, Michael Howard, and Ivan Medvedev created these tools so we decided to pay them a visit to chat about what these tools do and why they matter. Of course, it's been way too long since Michael Howard has preached to us from his security soapbox so we just had to get him talking about the general state of software security today and where it's going! For the Microsoft SDL team, SDL is as much a lifestyle as it is a software development lifecycle. Developers, thrive securely so that others may securely thrive. Oh yeah, brothers and sisters. I'm sensing the need for a security soapbox show on 9. We need more preaching. There's still far too many developers writing insecure code. "Reverend" Howard, are you game, sir?Get BinScope and MiniFuzz on SDL Tool Repository. Please use them!!!   Stay updated on the SDL at: http://www.microsoft.com/sdl http://blogs.msdn.com/sdl en Sat, 25 May 2013 00:31:54 GMT Sat, 25 May 2013 00:31:54 GMT Rev9 Re: Microsoft Security Development Lifecycle (SDL) and Software Security Today Cool - I spoke to Michael after his security session at TechEd last year, and he was talking about getting the time to write a fuzzer himself for 2010, and here it is! MiniFuzz Smiley

posted by EdGillett

]]> http://channel9.msdn.com/Blogs/Charles/Michael-Howard-Ivan-Medvedev-and-Jeremy-Dallman-Software-Security-Today#c633931889410000000 Sat, 07 Nov 2009 11:09:01 GMT http://channel9.msdn.com/Blogs/Charles/Michael-Howard-Ivan-Medvedev-and-Jeremy-Dallman-Software-Security-Today#c633931889410000000 EdGillett Re: Microsoft Security Development Lifecycle (SDL) and Software Security Today This Michael Howard guy's emphasis on security as a core academic subject to be studies in universities WORLD-wide is 100% true and crucial for the current day, but I'd say it's a bit easier to get it in Universities than having a hero do the dirty-work.  These days universities rarely care of the future research which might actually solve the problems, and instead focus ALL funding on workforce education & training instead of the R&D which I only wish I could experience now.  All I get are C#, Java, Algorithms, Data-flow etc..... Sad So its basically your job to tell the universities you require the skills so they will provide.  It's not justified to me but it would work since they are led astray by the "economical" requirements you want them to train their students for career success as placeholder positions.  

I'd be interested to hear otherwise from other peoples comments and academic experiences, they would be lucky to have such formal training instead of my self-guided learning curriculum of interests.

 

Concerning the possible Lectures on C9, I'm already a functional programmer, so I skim the Functional programming videos lightly.  I would on the other hand really appreciate and enjoy a security "experts" take on what to watch out for like common pitfalls and caveats with code vulnerabilities as a little series going over core secure data structures or constructs that I don't really need to worry about coming from the Haskell world that would apply to my current learning of C# (with Dev10 Beta2 of course) in my university classes right now.

 

On a side note, my first test run of MiniFuzz showed no crashes in the log of my Assignment#4 for university, so far so good Wink 

posted by HeavensRevenge

]]> http://channel9.msdn.com/Blogs/Charles/Michael-Howard-Ivan-Medvedev-and-Jeremy-Dallman-Software-Security-Today#c633931905300000000 Sat, 07 Nov 2009 11:35:30 GMT http://channel9.msdn.com/Blogs/Charles/Michael-Howard-Ivan-Medvedev-and-Jeremy-Dallman-Software-Security-Today#c633931905300000000 HeavensRevenge Re: Microsoft Security Development Lifecycle (SDL) and Software Security Today When I tried it, it died with an unhandled exception on System.MissingMethodException in BinScope [3188]
 

posted by Kelly

]]> http://channel9.msdn.com/Blogs/Charles/Michael-Howard-Ivan-Medvedev-and-Jeremy-Dallman-Software-Security-Today#c634281350690000000 Thu, 16 Dec 2010 22:24:29 GMT http://channel9.msdn.com/Blogs/Charles/Michael-Howard-Ivan-Medvedev-and-Jeremy-Dallman-Software-Security-Today#c634281350690000000 Kelly