Security is hard for users, so let us clean up with NEAT & SPRUCE

Microsoft used to be a horrid company with regards to security—we do not ship if security is wrong. How do they know what’s wrong? A 24-page guideline with 68 bullet points? Perfect holiday reading 😜

The security development lifecycle team has recently tried to help us developers improve our applications, so we don’t become the next company with bad security issues. They’ve introduced two acronyms to improve security notices to our users: NEAT & SPRUCE

What is NEAT?

So, we need to show the message now—what do we put in there? SPRUCE:

Now that the training is done, let’s look at real implementations:

A web page contains secure & non-secure content

Here’s what the dialog looked like in the bad old days of IE6:

IE6

In IE 9, where this logic has been applied:

IE9

Let’s look at the differences:

What’s the risk?


Takeaways

Now that we’ve seen how this works, here’s a nice, simple [3-page document](link not provided) with more details and reminders. GO IMPROVE YOUR APPLICATIONS!

Attachments