RE: Microsoft Writing Secure Code

There is certainly no "propaganda" in the book. David and I were given
freedom to say what we wanted, and we did, there are lots of Microsoft
vuln examples and internal Microsoft stories. 

[Writing Secure Code] http://www.microsoft.com/mspress/books/5957.asp
[Protect Your PC] http://www.microsoft.com/protect
[Blog] http://blogs.msdn.com/michael_howard

[On-line Security Training]
http://mste/training/offerings.asp?TrainingID=53074


-----Original Message-----
From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu] 
Sent: Thursday, December 09, 2004 7:38 AM
To: Rui Covelo
Cc: secprog@securityfocus.com
Subject: Re: Microsoft Writing Secure Code 

On Thu, 09 Dec 2004 09:57:53 GMT, Rui Covelo said:

> I was looking for some opinions about the book "Writing Secure Code"
> from Microsoft press. The book is already "old" but I only got to read
> it now...

There's a Second Edition out, not sure if you knew that.  The 2nd Ed has
been out a while, but is certainly not "old" in the sense of "info gone
stale" - a quick check doesn't find anything outdated in it....

> I was wondering if any of you have read it and what you think about
> it. Do you find it useful or plain microsoft propaganda (like I read
> somewhere else)?

There's a lot of Microsoft-specific info in there, but hardly
"propaganda".

It's definitely a useful book for the nuts-and-bolts info that the guys
actually writing the code - it's a bit weak on the top-level design
issues,
but given the title, I can hardly fault them for that (it *is* a
"writing code"
book ;)