Microsoft "Fuzzing key is behind Office security success"

A wave of attacks targeting Microsoft Corp.'s Office 2003 last year taught the company some tough security lessons it's now aggressively applying, a Microsoft software engineer said today.

"When Office 2003 shipped, we thought we'd done some good work and that it would be a secure product," said David LeBlanc, a senior software development engineer with the Office team. "For the first two years after release, it held up really well, only two bulletins. [But] then people shifted their tactics and started finding problems in fairly large numbers."

LeBlanc, one of the proponents of Microsoft's Security Development Lifecycle (SDL) initiative, and Michael Howard, the co-author of Writing Secure Code for Vista, referred to the spate of attacks in 2006 that exploited numerous vulnerabilities in Office 2003's file formats. The suite's core applications -- Word, Excel and PowerPoint -- were all patched multiple times last year.
