Open Source

Microsoft’s Response to Open-Source Vulnerabilities - CVE-2023-4863 and CVE-2023-5217

Monday, October 02, 2023

Microsoft is aware and has released patches associated with the two Open-Source Software security vulnerabilities, CVE-2023-4863 and CVE-2023-5217. Through our investigation, we found that these affect a subset of our products and as of today, we have addressed them in our products as outlined below: CVE-2023-4863 Microsoft Edge Microsoft Teams for Desktop Skype for Desktop Webp Image Extensions (Released on Windows and updates through Microsoft Store) CVE-2023-5217

Read More

• Open Source

Microsoft Joins Open Source Security Foundation

Monday, August 03, 2020

Microsoft has invested in the security of open source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation (OpenSSF), a new cross-industry collaboration hosted at the Linux Foundation. The OpenSSF brings together work from the Linux Foundation-initiated Core Infrastructure Initiative (CII), the GitHub-initiated Open Source Security Coalition (OSSC), and other open source security efforts to improve the security of open source software by building a broader community, targeted initiatives, and best practices.

Read More

• Linux
• Open Source
• OpenSSF
• Security

BlueHat Seattle videos are online!

Wednesday, November 13, 2019

Were you unable to attend BlueHat Seattle, or wanted to see a session again? We have good news. If you have been waiting for the videos from BlueHat Seattle last month, the wait is over. All videos which the presenter authorized to be recorded are now online and available to anyone.

Read More

• AppSec
• Azure AD
• Binary analysis
• BlueHat Security Briefings
• Community-based Defense
• DFIR
• Identity
• Kubernetes
• Machine learning
• Malware research
• Open Source
• Xbox

Welcome to the second stage of BlueHat!

Thursday, October 24, 2019

We’ve finished two incredible days of security trainings at the Living Computer Museum in Seattle. Now it’s time for the second part of BlueHat: the briefings at ShowBox SoDo. We’ve got a big day planned, so head on down. Please join us for breakfast (we have doughnuts! and bacon! and cereal!

Read More

• BlueHat Security Briefings
• Community-based Defense
• DevSecOps
• IoT
• Machine learning
• Open Source
• Security Development Lifecycle (SDL)

Designing a COM library for Rust

Tuesday, October 08, 2019

I interned with Microsoft as a Software Engineering Intern in the MSRC UK team in Cheltenham this past summer. I worked in the Safe Systems Programming Language (SSPL) group, which explores safe programming languages as a proactive measure against memory-safety related vulnerabilities. This blog post describes the project that I have been working on under the mentorship of the SSPL team.

Read More

• Memory Safety
• Open Source
• Rust
• Safe Systems Programming Languages
• Secure Development