Security Development

New Version of BinScope Binary Analyzer

- SDL Team - Trustworthy Computing, Microsoft
Advanced Security Notice

We are delighted to announce the general availability of a new version of the BinScope Binary Analyzer, Microsoft BinScope version 2014. BinScope is a tool used during the Security Development Lifecycle (SDL) verification phase. It is available as a free download from the Microsoft Download Center here. BinScope was designed to help detect potential vulnerabilities that can be introduced into Binary files. The tests it implements examine application binary files … Read more »

Threat Modeling a Retail Environment

- Michael Howard - Principal Security Program Manager

Posted by: Michael Howard, Principal Consultant, Cybersecurity If you have followed this blog, or followed anything Microsoft has done with the Security Development Lifecycle, you’ll know that we are proponents of the benefits of threat modeling as a way to understand the risks to and potential mitigations for a system. The computer industry is full of systems that look somewhat alike, and have similar “moving parts”; for example, banking, health … Read more »

Trust in Computing Survey, Part 2: Less Than Half of Developers Use a Security Development Process

- Tim Rains - Director, Cybersecurity & Cloud Strategy

If you are in the security industry or follow news related to security breaches or threat intelligence, you know that the threat landscape is continually evolving.  Attackers are constantly seeking out new ways to compromise potential victims on a broad or targeted scale. They attempt to exploit unpatched vulnerabilities, use deceitful tactics to trick users into installing malicious software, attempt to guess weak passwords, and other dirty tricks. Despite this … Read more »