Every Day is makeITsecure day
You may have heard last week about makeITsecure day, an initiative that united the Irish government with a number of organizations, including Microsoft. As part of the campaign, we were out – on the streets, in the schools, and at a number of high-profile events – discussing issues like phishing, spyware, identity theft, child safety online, and other risks. Our mutual goals included raising awareness, offering useful tips, and giving people in the broader community a chance to ask the tough security questions they’ve always wanted to ask.
For those of us in the development community, we know that every day is makeITsecure day. We see security as part of process, not something bolted on, and certainly not something we can forget without dire consequences. We need to understand the issues at play on a much deeper level, plan ahead, and be vigilant.
These days, we have the good fortune of having exceptional tools to help us design and implement more secure systems. In Visual Studio Team System demos, I particularly like to focus on how the Team Architect system diagrams allow an architect to check for best practices and identify potential threats before a line of code is written, and long before anything is deployed into the data center. As another example, the static code analysis of Team Developer helps catch common gotchas at compile time – problems which may otherwise lead to vulnerabilities like a buffer overrun, or a SQL Injection Attack.
I’m currently reading about security implementations in the Windows Communications Framework. I was pleasantly surprised to see how you can integrate the ASP.NET 2.0 provider models into WCF authentication!
But I’m sure you all have your own personal focus for security interests. It’s worth taking a look at the subsection of the MSDN site that’s devoted to security: https://msdn.microsoft.com/security/ And here is an MSDN site devoted to security issues of particular interest to Irish developers: https://www.microsoft.com/ireland/security/
Comments
- Anonymous
November 21, 2005
Why didn't makeITsecure.ie suggest other more secure browsers like Firefox etc? - It completely ignored the most simple thing people can do to increase net security - stop using the most widely targeted browser for spyware, malware etc. The IT departments of all the companies listed as sponsors of the page know this as a fact, yet failed to inform the public of it. - Anonymous
November 21, 2005
Yeah yeah we heard that so many times Firefox is more secure, IE not. Sorry danger (whoever really you are) Firefox is no more secure than IE, if you look at the number of patches you got now :-) - Anonymous
November 21, 2005
I would agree with Paschal - the latest IE is certainly competitive with FireFox on the security issue.
A couple of years ago IE was a security disaster, but because it was subjected to so many attacks, it is now significantly improved. FireFox and its predecessors have not had many attacks until recently, and hence the FireFox developers have had to be busy on the security front, but they seem to have sorted out any problems that were discovered.
I would rate a full patched IE and a full patched FireFox as equal on the security question - the important point for users is to ensure they keep whichever browser they use fully patched (e.g. WinXP SP2 AND automatic updates turned on). - Anonymous
November 23, 2005
The comment has been removed