Engineering secure code in small teams

I've been pretty quiet here lately as I take on an interesting project that is consuming a lot of my time. In the month of August, I have been working on "Project Anvil", an open and transparent experience where I am blogging the construction of a strong authentication server for small business... all built on the Windows stack with the smallest of teams... just me.

Why this is interesting is that I am showing how you can design more secure systems WITHOUT needing complex teams to accomplish the goals. One of the key reasons I am doing this is that I am tired of seeing micro and small ISVs (independent software vendors) complain that they cannot build a business based on quality software because they don't have the same large teams and development resources of companies like Microsoft or IBM. I shake my head when I listen to whining about how they are too small to build secure software and how that in an effort to put food on the table, they can't architect software that runs safely on our platforms of today. And I am tired of watching startups write crappy software because some VC or angel screams "get version 1 out, and worry about making it work later".

If this interests you, please consider following my progress on the Project Anvil blog. I would recommend you start from the first post, and read it in sequence. And please, feel free to comment and criticize. Challenge me, and my assumptions. I would love the opportunity to learn from your experiences as I share mine.