Mark Curphey

Mark Curphey, Vice President, Strategy

Mark Curphey is the Vice President of Strategy at Veracode. Mark is the founder and CEO of SourceClear, a software composition analysis solution designed for DevSecOps, which was acquired by CA Technologies in 2018. In 2001, he founded the Open Web Application Security Project (OWASP), a non-profit organization known for its Top 10 list of Most Critical Web Application Security Risks. Mark moved to the U.S. in 2000 to join Internet Security Systems (acquired by IBM), and later held roles including director of information security at Charles Schwab, vice president of professional services at Foundstone (acquired by McAfee), and principal group program…

Posts by Mark Curphey
  • Software Component Vulnerabilities
    | By Mark Curphey

    Our mission is to help the world's developers build software, safely. We have a lot of areas that we will be tackling and a lot of features we will be building but we started the journey by helping developers know what third-party code they are using, what it does and what components have…

  • Why Tony Hawk wears a helmet and why…
    | By Mark Curphey

    Many of the world's best developers work on solving the hardest problems that often also address multi-billion dollar markets. High risk, high stakes and high reward. These developers are to the software industry what Tony Hawk is to the skateboarding community. Tony Hawk wears a helmet because he…

  • Setting up Jenkins to execute…
    | By Mark Curphey

    My testing task for this sprint was to create a regression test suite to test one of our services, “SRC:CLR Console”, which is a standalone agent that leverages the service core technology to identify known security vulnerabilities in software components. The goals I decided to achieve were: Create a set…

  • Unit Testing API Endpoints in Spring…
    | By Mark Curphey

    Anyone can write code. A salty developer will read that sentence and think "Yeah, anyone can break code too!" Luckily, unit tests can help prevent code breakage. Unit tests protect feature requirements from breaking as new features get added. Unit tests can also be useful to protect an API endpoint…

  • The Start of OWASP – A True Story
    | By Mark Curphey

    On January 15, 2002, at 5:22 p.m. PST, Bill Gates sent a memo—subject: “Trustworthy computing”—to everyone at Microsoft and its subsidiaries. “Trustworthy computing,” he wrote, “is the highest priority for all the work we are doing.” It launched the SDL (Security Development Lifecycle) initiative…

  • Agile Security: User Stories Vs…
    | By Mark Curphey

    I seem to keep coming across advice recommending Agile development teams create “Security stories”. It seems much of this stems from SAFECode's Practical Security Stories and Tasks for Agile development environments and the OWASP Don’t Forget Evil Stories. I think this is the wrong approach. As a…
