Showing results for security - Engineering@Microsoft

Sep 25, 2024

Common annotated security keys

Michael C. Fanning

In April 2021, GitHub announced changes to their security token format that significantly enhanced security. The improvement leveraged two straightforward techniques: a fixed signature in the generated token and a checksum - both of which are highly effective in eliminating false positives (noise) and false negatives (missed findings). Microsoft a...

Aug 24, 2023

Your Most Important Git Repos

Bryan Sullivan

What do you keep in your Git repos? Source code for your production applications certainly, but you probably also keep a fair amount of experimental and “hackathon” code. Maybe you keep your documentation in Git. Maybe, like the District of Columbia does, you even keep legal documents there. So which of these are the most important to protect? Fro...

May 22, 2023

The Journey to Secure the Software Supply Chain at Microsoft

Adrian Diglio

A secure software supply chain represents another facet of Microsoft's built-in security to enhance and maintain trust in our products. It’s a continuation of the journey we embarked upon since the launch of Security Development Lifecycle (SDL) in 2004 and represents our commitment to continually enhance Microsoft’s foundational security.

Jul 12, 2022

Microsoft open sources its software bill of materials (SBOM) generation tool

Danesh Kumar Badlani, Adrian Diglio

We are excited and proud to open source our software bill of materials (SBOM) generation tool. A key requirement of the Executive Order on Improving the Nation's Cybersecurity, SBOMs are lists of ingredients that make up software components, providing software transparency so organizations have insight into their supply chain dependencies. Our S...

Oct 13, 2021

Generating Software Bills of Materials (SBOMs) with SPDX at Microsoft

Adrian Diglio

In this post, Adrian Diglio walks us through how Microsoft is planning to generate SBOMs not just to meet the U.S. Presidential Executive Order on Improving the Nation's Cybersecurity, but for all software that Microsoft produces.

Sep 27, 2021

Caesar, standards, and SAST: The road to SARIF

Michael C. Fanning

In this post, Michael Fanning gives us a short history on standards (think Julius Caesar), how consensus on something very small can enable something very large, and how all of it relates to the design of the ‘Static Analysis Results Interchange Format’ (SARIF).

Sep 16, 2021

You can’t have security for DevOps until you have DevOps for security

Bryan Sullivan

The faster we iterate on refining secure development practices, the faster our developers can address security pain points, and the better we protect our customers. In this post, Bryan Sullivan walks through key learnings from the 1ES Security team.

Jul 6, 2021

Separating the signal from the noise

Bryan Sullivan

If a security tool catches a critical vulnerability, but also reports 99 other findings that turn out to be false positives, developers are going to ignore everything that the tool reports and then miss the important issues. Bryan Sullivan talks through how you can hone your tooling to separate the signal from the noise.