So you thought development tools couldn't be a security risk?

Happy New Year 2007 to everybody! If you're reading this through your RSS reader, then you have successfully changed the URL of my blog.

Back to business then: when we develop software, we usually don't think that the development tool could be itself a security risk, while we still understand that the applications we write can become security risks if not written properly. However, modern development tools are complex applications, and thus can be vulnerable just as any other application.

For example, your loved Visual Studio 2005 has a security issue that affects the Professional and Team Editions. Microsoft has released the Security Bulletin MS06-073 regarding this issue in December. If you haven't applied this patch, now would be a good time to do so.