

What can Diaspora learn about security from Microsoft? (REVISED) - jdp23
http://www.talesfromthe.net/jon/?p=1967

======
jdp23
I had posted an earlier version of this here and got some great feedback at
<http://news.ycombinator.com/item?id=1768417> … this is the latest revision.
Feedback still welcome!

Summary of recommendations:

Reach out to the security community, add at least one security expert to the
team, review the code, do threat modeling, train the developers, use the
tools, include security in the software engineering process, create a security
and privacy advisory board, and think about security up front.

