Merit Network

Discussion Communities: Merit Network Email List Archives

Network Security

FW: [ISN] Microsoft Gives Away Free Fuzzer, Secure Development Tool

  • From: Howell, Paul
  • Date: Fri Sep 18 11:18:24 2009


-----Original Message-----
From: isn-bounces@infosecnews.org [mailto:isn-bounces@infosecnews.org]
On Behalf Of InfoSec News
Sent: Thursday, September 17, 2009 1:29 AM
To: isn@infosecnews.org
Subject: [ISN] Microsoft Gives Away Free Fuzzer, Secure Development Tool


http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=220000750

By Kelly Jackson Higgins
DarkReading
Sept 16, 2009 

Microsoft continued efforts to spread its own secure software 
development program with today's release of a free fuzzer and tool for 
analyzing binary code.

The software giant last year began opening up its Security Development 
Lifecycle (SDL) for all third-party application developers and 
enterprises as a way to write cleaner, more secure code. As part of its 
SDL-sharing strategy, Microsoft has released several free tools for 
developers, including the SDL Threat Modeling Tool, the !exploitable 
(pronounced "bang exploitable") Crash Analyzer, an add-on to Microsoft's
Windows debugger fuzzing tool; and the SDL Process Template, which
integrates Microsoft's SDL directly into third-party and enterprise 
development environments.

Microsoft's latest tools -- BinScope Binary Analyzer and Mini-Fuzz File 
Fuzzer -- support the verification stage of the SDL process. "This is 
the testing phase," says David Ladd, principal security program manager 
for Microsoft's SDL team. Microsoft also released a white paper on how 
to manually integrate the SDL Process Template into its existing Visual 
Studio Team System development projects.

Along with iSEC Partners, the company also released a new report on how 
to measure the ROI of an SDL program. The report, which includes data 
from NIST studies and anecdotal data from iSEC, demonstrates how to use 
metrics to calculate an ROI: "The earlier you can find bugs, the cheaper
it's going to be for development organizations," Ladd says.

[...]

