Skip to main content
Microsoft
Engineering@Microsoft
Engineering@Microsoft
  • Home
  • DevBlogs
    • Visual Studio
    • Visual Studio Code
    • Visual Studio for Mac
    • DevOps
    • Developer support
    • CSE Developer
    • Engineering@Microsoft
    • Azure SDK
    • IoT
    • Command Line
    • Perf and Diagnostics
    • Dr. International
    • Notification Hubs
    • Math in Office
    • DirectX
    • PIX
    • SurfaceDuo
    • Startups
    • Sustainable Engineering
    • Windows AI Platform
    • C++
    • C#
    • F#
    • Visual Basic
    • TypeScript
    • PowerShell Community
    • PowerShell Team
    • Python
    • Q#
    • JavaScript
    • Java
    • Java Blog in Chinese
    • .NET
    • .NET MAUI
    • Blazor
    • ASP.NET
    • NuGet
    • Xamarin
    • #ifdef Windows
    • Apps for Windows
    • Azure Depth Platform
    • Azure Government
    • Bing Dev Center
    • Microsoft Edge Dev
    • Microsoft Azure
    • Microsoft 365 Developer
    • Old New Thing
    • Windows MIDI and Music dev
    • Windows Search Platform
    • Azure Cosmos DB
    • Azure Data Studio
    • Azure SQL
    • OData
    • Revolutions R
    • SQL Server Data Tools

    Engineering@Microsoft

    How Microsoft empowers its developers to deliver at massive scale

    security - Engineering@Microsoft

    Generating Software Bills of Materials (SBOMs) with SPDX at Microsoft
    Generating Software Bills of Materials (SBOMs) with SPDX at Microsoft
    Adrian Diglio October 13, 2021 Oct 13, 2021 10/13/21
    In this post, Adrian Diglio walks us through how Microsoft is planning to generate SBOMs not just to meet the U.S. Presidential Executive Order on Improving the Nation's Cybersecurity, but for all software that Microsoft produces.
    3
    Caesar, standards, and SAST: The road to SARIF
    Caesar, standards, and SAST: The road to SARIF
    Michael C. Fanning September 27, 2021 Sep 27, 2021 09/27/21
    In this post, Michael Fanning gives us a short history on standards (think Julius Caesar), how consensus on something very small can enable something very large, and how all of it relates to the design of the ‘Static Analysis Results Interchange Format’ (SARIF).
    Comments are closed.0
    You can’t have security for DevOps until you have DevOps for security
    You can’t have security for DevOps until you have DevOps for security
    Bryan Sullivan September 16, 2021 Sep 16, 2021 09/16/21
    The faster we iterate on refining secure development practices, the faster our developers can address security pain points, and the better we protect our customers. In this post, Bryan Sullivan walks through key learnings from the 1ES Security team.
    Comments are closed.0
    Separating the signal from the noise
    Separating the signal from the noise
    Bryan Sullivan July 6, 2021 Jul 6, 2021 07/6/21
    If a security tool catches a critical vulnerability, but also reports 99 other findings that turn out to be false positives, developers are going to ignore everything that the tool reports and then miss the important issues. Bryan Sullivan talks through how you can hone your tooling to separate the signal from the noise.
    1
    Related Links

    The DevOps Journey at Microsoft

    1ES DevOps Story

    Five Steps to Culture Change

    DevOps Resource Center

    Open Source at Microsoft

    Top Bloggers

    Bryan Sullivan

    Sina Jafari
    Principal Software Engineering Manager

    Magnus Hedlund

    Adrian Diglio
    Principal Program Manager

    Michael C. Fanning

    Topics
  • Engineering@Microsoft

    • Stay informed

    Login
    Code Block
    What's new
    • Surface Pro 8
    • Surface Laptop Studio
    • Surface Pro X
    • Surface Go 3
    • Surface Duo 2
    • Surface Pro 7+
    • Windows 11 apps
    • HoloLens 2
    Microsoft Store
    • Account profile
    • Download Center
    • Microsoft Store support
    • Returns
    • Order tracking
    • Virtual workshops and training
    • Microsoft Store Promise
    • Flexible Payments
    Education
    • Microsoft in education
    • Office for students
    • Office 365 for schools
    • Deals for students & parents
    • Microsoft Azure in education
    Enterprise
    • Azure
    • AppSource
    • Automotive
    • Government
    • Healthcare
    • Manufacturing
    • Financial services
    • Retail
    Developer
    • Microsoft Visual Studio
    • Windows Dev Center
    • Developer Center
    • Microsoft developer program
    • Channel 9
    • Microsoft 365 Dev Center
    • Microsoft 365 Developer Program
    • Microsoft Garage
    Company
    • Careers
    • About Microsoft
    • Company news
    • Privacy at Microsoft
    • Investors
    • Diversity and inclusion
    • Accessibility
    • Security
    English (United States)
    • Sitemap
    • Contact Microsoft
    • Privacy
    • Manage cookies
    • Terms of use
    • Trademarks
    • Safety & eco
    • About our ads
    • © Microsoft 2021