Roger Halbheer

Job title:
Chief security advisor, Microsoft

Areas of expertise:
Policy, architecture, law enforcement, cybersecurity, processes

Biography:
Roger Halbheer joined Microsoft as Chief Security Advisor of Microsoft Switzerland in 2001 and was promoted to the role of Chief Security Advisor for Microsoft Europe, the Middle East and Africa (EMEA) in February 2007. Roger leads a team of national Chief Security Advisors across EMEA who work with organizations in the commercial and public sectors - including national governments, law enforcement and intelligence agencies - on information technology issues and strategies. He is a trusted advisor to C-level executives, governments and law enforcement agencies and has established relationships with security communities and government agencies across the region. Roger is a regular speaker at industry events and has worked with national and international print and broadcast media both to represent Microsoft and to provide expert comment on broader security issues. A Swiss national, Roger holds a Master of Computer Science degree from the Federal Institute of Technology in Zurich and is a Certified Information System Security Professional (CISSP). Before joining Microsoft, he was responsible for e-Business Risk Management at PricewaterhouseCoopers in Switzerland. He lives in Zurich and is married with two sons.


Microsoft SDL Team Releases New Security Testing Tools

I often mention that we try to give you all the tools we have as long as it makes sense from a risk perspective. The risk perspective is a simple one: if we give it to you as our customer, we give it to the criminals as well.

There are two new tools which just made the bar and which are now released by the Security Development Lifecycle (SDL) team:

  • BinScope Binary Analyzer is a verification tool that confirms the use of the correct compiler and linker protections required by the SDL. One of the things we learned is that the right compiler settings may change a lot (if the compiler and the linker are able to deliver accurate security).
  • MiniFuzz File Fuzzer is a simple file fuzzer that is designed to ease your introduction into fuzz testing by supplying file formats that your application would otherwise not expect.

So, if you develop in-house, look at them and make use of them. If not, make sure your supplier uses them or something similar (we do…)

Additionally, you might remember that we released a Security Development Lifecycle Template for Visual Studio earlier this year (Security Development Lifecycle Template - Your next step to "Secure Development"). Based on your feedback, the SDL team has written a whitepaper on how to integrate their practices into your own process template: Whitepaper: Manually Integrating the SDL Process Template

Roger

Posted 16/09/2009 by Roger Halbheer

Tagged under: Development
