microsoft

Steve Lipner and I were on the road for a press tour last week. In our work blog, he writes: Last week I participated in a “press tour” talking to press and analysts about the evolution of the SDL. Most of our past discussions with press and analysts have centered on folks who follow security,…

Read More SDL Press Tour Announcements

RFC 1918 is a best-current-practicies RFC that describes network address ranges that we all agree we won’t use globally. They get used for private networks, NAT ranges and so on. There are three ranges: 10.0.0.0 to 10.255.255.255 172.16.0.0 to 172.31.255.255 192.168.0.0 to 192.168.255.255 They are thus the Internet equivalent of the American phone system not…

Read More The Hazards of Not Using RFC 1918

I have an article in the latest MSDN magazine, “Reinvigorate your threat modeling process:” My colleague Ellen likes to say that everyone threat models all the time. We all threat model airport security. We all threat model our homes. We think about threats against our assets: our families, our jewelry, and our sentimental and irreplaceable…

Read More Putting the fun back in threat modeling

I am tremendously pleased to say that Microsoft has closed an acquisition of Credentica‘s U-Prove technology. This technology adds a new and important set of choices in how we as a society deal with identity and properties of people. Kim Cameron has the official announcement, “Microsoft to adopt Stefan Brands’ Technology” and Stefan Brands has…

Read More Microsoft Acquires Credentica’s U-Prove

In posting yesterday about Debix, I should have disclosed that I have personal and financial relationships with the company. In addition, I was one of the 54 people in the test, and my fraud alerts did not set properly. I should have disclosed that as well. I apologize for the oversight. My thanks to Mr.…

Read More Mea Maxima Culpa