Microsoft postmortem on ANI bug

Michael Howard has posted a great postmortem and lessons-learned piece on the animated cursor vulnerability recently patched in Windows. I love to see this kind of open discussion of how Microsoft’s security development lifecycle (SDL) is working in practice, and where MS feels that it can be improved. You don’t often see this level of disclosure from major IT vendors, and I think the industry (and our security) would be more robust if it became more common.

Comments Off on Microsoft postmortem on ANI bug

Filed under General Tech Stuff, Security

Comments are closed.