Security Concerns

Two weeks ago in this space , I featured a question-and-answer session with security expert Dinis Cruz. His concern: That .NET development vendors and programmers alike are failing to employ sandboxing techniques to ensure that applications remain secure.

Redmond Developer News plans to cover this and other development security-related issues in an upcoming issue of RDN. But we wanted to hear from you first. What security issues concern you most when developing applications? Do you feel that tool vendors are providing the resources you need to create software that's fundamentally secure? And do you feel that sandboxing, as an approach to enabling security, has been widely overlooked by the industry?

More

Posted by Michael Desmond on 11/07/20070 comments


Microsoft Looks Sharp with F#

Visual Studio is adding another native programming language in the form of F#, a typed functional programming language originally developed by Microsoft Research in Cambridge, England.

When Soma Somasegar revealed Microsoft's F# plans on his blog, it signaled an important step forward for Redmond. As corporate VP of the Developer Division at Microsoft, Somasegar has been keen on the benefits of functional programming, which promises to free coders to tap the power of advanced, multi-core processors and expansive grid computing networks.

More

Posted by Michael Desmond on 10/31/20074 comments


Testers Get a Moment in the Spotlight

Microsoft just launched a new Web site aimed directly at software QA and testing professionals. Called Tester Center , the new site aims to bring testers together to share experiences and best practices, get advice and access useful content.

The site is headed up by James Whitaker, an early innovator in the area of model-based testing and currently a Microsoft security architect working in the Trustworthy Computing Initiative at Redmond.

More

Posted by Michael Desmond on 10/24/20070 comments


RDN Innovator Awards Deadline Nov. 15!

The deadline for submitting entries to the RDN Innovator Awards has been extended two weeks to Nov. 15. The program recognizes outstanding efforts in development, with a focus on shops aligned with Microsoft Windows and the .NET stack. Entries are accepted across a range of independent categories.

Do you have a software development project that's worthy of recognition? Download the RDN Innovator Awards entry form here.

More

Posted by Michael Desmond on 10/24/20070 comments


Asked and Answered: More Secure .NET Development

Dinis Cruz spends a lot of time worrying about .NET security. The well-known security consultant and trainer is chief security evangelist of the Open Web Application Security Project (OWASP) , which aims to improve software security.

RDN contributor John Waters caught up with Cruz at a recent industry event. You can read more about this in the Nov. 15 issue of Redmond Developer News magazine.

More

Posted by Michael Desmond on 10/24/20070 comments


The Facebook Phenomenon

According to a recent Forrester Research survey, 28 percent of enterprises with 500 or more employees have some form of social networking initiative, while 20 percent are considering it. Behind these figures: the runaway popularity of social networking services like MySpace, Facebook and LinkedIn. The buzz around these sites jumped recently, after Facebook announced it would open its APIs to developers.

What's at stake here? Potentially, a lot. Facebook has a huge and growing audience that includes a rapidly expanding business clientele. Apps linked into the Facebook platform using its APIs can be immediately accessed and leveraged by Facebook users, removing much of the friction in delivering services across organizations.

More

Posted by Michael Desmond on 10/17/20070 comments


Cross-Build Injection Threatens App Security

Fortify Software is one of the leading providers of application security solutions for development shops. So when its researchers came across a new type of vulnerability that affects the application build process used in open source software projects, it got my attention.

According to Fortify, cross-build injection exploits "allow a hacker to insert code into the target program while it is being constructed." Discovered by Fortify while working with the Java Open Review Project, cross-build injection attacks represent a shift by hackers, from now-fortified OSes and applications toward the less well-protected application development stack.

More

Posted by Michael Desmond on 10/17/20070 comments


Adobe Ascendant

We've spent a lot of time and ink covering Microsoft's Silverlight technology, and for good reason. Initially regarded as a simple Flash competitor for delivering rich media over the Web, Silverlight quickly emerged as a full-fledged application delivery platform. And, as seems to be the case with all successful Microsoft offerings, Silverlight is an amazing lesson in leverage. To wit: It enables millions of .NET-savvy developers to write and package applications for use across platforms and across the Web, via the Silverlight player. More

Posted by Michael Desmond on 10/10/20071 comments


Facebook: Fad or Framework?

Steve Ballmer may have been showing his age last week, when he called out the Facebook social networking site as a "fad" and questioned the value of the technology used to make it go.

"I think these things [social networks] are going to have some legs, and yet there's a faddishness, a faddish nature about anything that basically appeals to younger people," Ballmer was quoted as saying in an Oct. 2 article in the Times Online. You can read the full article here.

More

Posted by Michael Desmond on 10/08/20070 comments


Leaving Live

Frequent RDN contributor Mary Jo Foley has the goods on yet another high-profile defection from Microsoft's Live business unit. This time, the departee is Danny Thorpe, formerly a senior program manager and architect in the Windows Live Platform group. Thorpe is leaving to work with a startup called Cooliris . You can read Foley's blog posting here More

Posted by Michael Desmond on 10/08/20070 comments


Back to School

Six months ago or so, I interviewed Microsoft security expert Mike Howard about the challenge his company faced as it worked to make the development of fundamentally secure software a core mission of every project. Known as Security Development Lifecycle (SDL), the effort took years to complete, and ultimately resulted in the release of much more secure code. More

Posted by Michael Desmond on 10/03/20070 comments


The Future of Development Is...Facebook?

Facebook is fast transforming from its roots as a social networking site for college students into a full-fledged development platform that has drawn Microsoft's interest. Certainly, there's keen and growing interest in extending the benefits of Facebook's community network model into the professional sphere.

Is your company's CEO beating down IT's door, asking for Facebook or something like it? Or do you think Facebook and platforms like it are a passing fad, as Steve Ballmer recently suggested? E-mail me at More

Posted by Michael Desmond on 10/03/20072 comments


Subscribe on YouTube