How the SDL helped improve Security in Office 2010

Hello, my name is Didier and I am a Security Program Manager in the Microsoft Security Engineering Center. We focus on helping teams like Office go beyond the minimum requirements of the Security Development Lifecycle (SDL). For Office 2010, I worked closely with members of the Office TWC team. The Microsoft SDL is a security…


Enabling password rules for Office 2010

Hi, my name is Alan Myrvold, and I am a security tester on the Office Trustworthy Computing Team (TWC). This post introduces the new password rules feature in Office 2010. Word, Excel, and PowerPoint have been able to password protect documents for several versions by setting the “password to open”. What we felt could be…


Trusted Documents

Hi, my name is Maithili Dandige. I am a Program Manager at Microsoft working in the Office Security team. For this release, I’ve worked on several security and privacy-related features such as Office File Validation, Recommended Settings, improvements to Document Inspector, and Trusted Documents. I will be talking about all these in the upcoming months….


Protected View in Office 2010

Hello, my name is Vikas and I work in the Office Trustworthy Computing security team. Today I will be telling you more about a feature I have been working on called Protected View. Protected View is one of the new security defense-in-depth features added in Office 2010. If you have not seen Brad’s post yet…


Office 2010 Application Security

Hello, my name is Brad and I work on the Office security team; we focus on a couple of key areas: building security features that improve the Office product line and driving the security engineering process across the division as part of the Security Development Lifecycle (SDL). I would like to start with a high-level…


Leaked build and Staying Safe

I wanted to post quickly to acknowledge the information that you have seen today around bits of Office 2010 being leaked.  While all of us here are happy to see the incredible excitement and engagement (and are absolutely chomping at the bit to reach the July milestone) we aren’t quite ready to release the technical…