Search For:

Displaying 1-6 out of 6 total
Managing the Security Wall of Data
Found in: IEEE Security and Privacy
By Michael Howard
Issue Date:September 2009
pp. 66-68
The field of computer security can be highly unpredictable and cause any security practitioner to become unproductive quickly. This paper discusses some of the best practices adopted by the author to help handle the deluge of information to help him become...
 
Improving Software Security by Eliminating the CWE Top 25 Vulnerabilities
Found in: IEEE Security and Privacy
By Michael Howard
Issue Date:May 2009
pp. 68-71
In January 2009, MITRE and SANS issued the
 
Becoming a Security Expert
Found in: IEEE Security and Privacy
By Michael Howard
Issue Date:January 2008
pp. 71-73
The author discusses the basic skills a security expert should learn, including design, development, and tester skills, to thwart attackers.
 
A Process for Performing Security Code Reviews
Found in: IEEE Security and Privacy
By Michael Howard
Issue Date:July 2006
pp. 74-79
No one really likes reviewing source code for security vulnerabilities, but it's a critical component of shipping secure software. Howard describes his approach to tackling the process. It won't identify all security vulnerabilities in your code, but it's ...
 
Building More Secure Software with Improved Development Processes
Found in: IEEE Security and Privacy
By Michael Howard
Issue Date:November 2004
pp. 63-65
In this installment, I draw on experiences gained as a member of Microsoft's central security team to outline some basic best practices you can implement in your software development process. These practices affected Microsoft products released since the i...
 
Inside the Windows Security Push
Found in: IEEE Security and Privacy
By Michael Howard, Steve Lipner
Issue Date:January 2003
pp. 57-61
<p>The Microsoft Windows development team spent two months in 2002 analyzing product design, code, and documentation to fix security issues. The results of this security push include a new process and several lessons learned for future projects.</...
 
 1