That should be an interesting issue, David. I'll look forward to it.

cheers

>Jim,
>
>>I found it both relevant and interesting that there is an 'admission' that security never figured significantly in Microsoft's software design.
>
>Anyone involved in development at Microsoft has already been or is now being retrained in better analysis and design methodologies that take security threats into account from the beginning stages of a project and all the way through to the testing processes. The Nov/Dec issue of CoDe, focused on Security, will contain an interview I did a few weeks ago with Steve Lipner, one of Microsoft's senior Security executives, where he discusses the changes within Microsoft in that area.
>
>That issue of CoDe also will contain an excellent article by Microsoft employee Michael Howard on the concept of "Threat Modeling," which he and others taught to Microsoft employees during the "stop coding and analyze for security" push a few months back. Michael is the author of "Building Secure Code," from Microsoft Press and is revising the book to include Threat Modeling. The re-training at Microsoft is still ongoing...