Microsoft One Engineering System (1ES) team shares a sample for building Ready-To-Code Dev Box environments pre-configured with the necessary tools, repositories, and settings, ensuring consistency and reliability across teams.
In April 2021, GitHub announced changes to their security token format that significantly enhanced security. The improvement leveraged two straightforward techniques: a fixed signature in the generated token and a checksum - both of which are highly effective in eliminating false positives (noise) and false negatives (missed findings). Microsoft a...
What do you keep in your Git repos? Source code for your production applications certainly, but you probably also keep a fair amount of experimental and “hackathon” code. Maybe you keep your documentation in Git. Maybe, like the District of Columbia does, you even keep legal documents there. So which of these are the most important to protect? Fro...
We’re in an exciting time for technology. But to take advantage of the opportunities, it’s critical for developers to have access to the tools and resources that can help them stay productive and do their best work. At Microsoft, we’re migrating many of our developers to highly productive…
A secure software supply chain represents another facet of Microsoft's built-in security to enhance and maintain trust in our products. It’s a continuation of the journey we embarked upon since the launch of Security Development Lifecycle (SDL) in 2004 and represents our commitment to continually enhance Microsoft’s foundational security.
The Accessibility Insights team recently fixed a bug in our Windows Presentation Foundation (WPF) app where checkboxes in a WPF tree view were not properly reporting their checked or unchecked state to adaptive technologies such as screen readers. This longstanding issue created a sub-par accessible experience in Accessibility Insights for Windows,...
Since February 2022, the Accessibility Insights team has been migrating Accessibility Insights for Web–our Chrome and Edge extension introduced in Jacqueline's February 14, 2022, post from Manifest V2 (MV2) to Manifest V3 (MV3). We wanted to share learnings and takeaways from our migration journey with a walkthrough…
We are excited and proud to open source our software bill of materials (SBOM) generation tool. A key requirement of the Executive Order on Improving the Nation's Cybersecurity, SBOMs are lists of ingredients that make up software components, providing software transparency so organizations have insight into their supply chain dependencies. Our S...
In this post, Jacqueline Gibson goes over Accessibility Insights for Web, Microsoft's open-sourced Chrome and Edge extension that helps users find and fix web accessibility issues.
Flaky tests are a well-known problem across the industry and Microsoft is no exception. In this post, Suresh Thummalapenta walks us through the team's comprehensive flaky test management system that helps to infer, triage, and quarantine those tests.
