Michael Howard has posted a great postmortem and lessons-learned piece on the animated cursor vulnerability recently patched in Windows. I love to see this kind of open discussion of how Microsoft’s security development lifecycle (SDL) is working in practice, and where MS feels that it can be improved. You don’t often see this level of disclosure from major IT vendors, and I think the industry (and our security) would be more robust if it became more common.
Microsoft postmortem on ANI bug
Comments Off on Microsoft postmortem on ANI bug
Filed under General Tech Stuff, Security
Paul's Down-Home Page 