16 minutes read

Six Simple Development Rules (for Writing Secure Code)

I wish I could say that I came up with this list, but alas I did not. I came across it on the Assessment, Consulting & Engineering Team blog from Microsoft this morning. They are a core part of the Microsoft internal IT Security Group, and are around to provide resources for internal and external software developers. These 6 rules are key to developing secure applications, and they should be followed at all times. Personally, I try to follow the rules closely, and am working hard at creating an SDL for our department. Aside from Rule 1, you could consider…

10 minutes read

Security, Security, Security is about Policy, Policy, Policy

The other day I had the opportunity to take part in an interesting meeting with Microsoft. The discussion was security, and the meeting members were 20 or so IT Pros, developers, and managers from various Fortune 500 companies in the GTA. It was not a sales call. Throughout the day, Microsofties Rob Labbe and Mohammad Akif went into significant detail about the current threat landscape facing all technology vendors and departments. There was one point that was paramount. Security is not all about technology. Security is about the policies implemented at the human level. Blinky-lighted devices look cool, but in…

3 minutes read

Make it Right: Revisited

In the previous post, Make it Right, I asked the question: Why aren’t more people making it right? I was curious why people don’t take the time to write software properly. There are lots of jokes about bad software development: If houses were built the same way programmers build programs, we’d all be living on the street. Unfortunately it’s a fair statement. Most programs out there suck*. I used to come back with the argument that people have been building houses for thousands of years, but software for only a few decades. There are bound to be issues. But then…

5 minutes read

Resources for Students who Hate School

I hated school. Technically, I’m still enrolled in college. Bachelor’s of Business Management. Blech. I figured at least with business, I would learn something useful later in life. I chose against Comp. Sci. for a few reasons. One being that I know a couple of PhDs who know nothing about building applications in the real world. In Comp. Sci., you learn how to build data structures, and how to make Mandelbrot sets process faster. In business, you learn why people buy stuff. Or more appropriately, you learn how to get people to buy your stuff. Seeing as I learned (taught myself?)…

5 minutes read

Security, Architecture, and Common Sense

Good enough is sometimes not good enough. I’ve been doing a lot of thinking lately (well, I’m always thinking), and security has been an issue that has come up a lot. Frankly, I’m a two-bit software developer. I know my code isn’t the best, nor the most secure. I use strong passwords, encrypt my sensitive data, and try to limit access to the applications to those who need to use them. In theory this works. Problem is, it’s a lame theory. There are so many unknown factors that have to be taken into account. Oftentimes they aren’t. When I…