security

Microsoft open sources its software bill of materials (SBOM) generation tool

July 12, 2022 Jul 12, 2022 07/12/22

We are excited and proud to open source our software bill of materials (SBOM) generation tool. A key requirement of the Executive Order on Improving the Nation's Cybersecurity, SBOMs are lists of ingredients that make up software components, providing software transparency so organizations have insight into their supply chain dependencies. ...

Generating Software Bills of Materials (SBOMs) with SPDX at Microsoft

October 13, 2021 Oct 13, 2021 10/13/21

Adrian Diglio

In this post, Adrian Diglio walks us through how Microsoft is planning to generate SBOMs not just to meet the U.S. Presidential Executive Order on Improving the Nation's Cybersecurity, but for all software that Microsoft produces.

Caesar, standards, and SAST: The road to SARIF

September 27, 2021 Sep 27, 2021 09/27/21

Michael C. Fanning

In this post, Michael Fanning gives us a short history on standards (think Julius Caesar), how consensus on something very small can enable something very large, and how all of it relates to the design of the ‘Static Analysis Results Interchange Format’ (SARIF).

You can’t have security for DevOps until you have DevOps for security

September 16, 2021 Sep 16, 2021 09/16/21

Bryan Sullivan

The faster we iterate on refining secure development practices, the faster our developers can address security pain points, and the better we protect our customers. In this post, Bryan Sullivan walks through key learnings from the 1ES Security team.

Separating the signal from the noise

July 6, 2021 Jul 6, 2021 07/6/21

Bryan Sullivan

If a security tool catches a critical vulnerability, but also reports 99 other findings that turn out to be false positives, developers are going to ignore everything that the tool reports and then miss the important issues. Bryan Sullivan talks through how you can hone your tooling to separate the signal from the noise.

Engineering@Microsoft

security - Engineering@Microsoft

Microsoft open sources its software bill of materials (SBOM) generation tool

Generating Software Bills of Materials (SBOMs) with SPDX at Microsoft

Caesar, standards, and SAST: The road to SARIF

You can’t have security for DevOps until you have DevOps for security

Separating the signal from the noise