Security

116
Total Pages
38
Linux-Friendly Pages
78
Pages with Bias
67.2%
Bias Rate

Bias Trend Over Time

Pages with Bias Issues

380 issues found
Showing 1-25 of 380 flagged pages
Security Session Management - Microsoft Threat Modeling Tool - Azure | Microsoft Docs ...ity/develop/threat-modeling-tool-session-management.md
High Priority View Details →
Scanned: 2026-01-14 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools Powershell Heavy
Summary
The documentation is heavily focused on ASP.NET, ADFS, and Windows-centric technologies, with all code/configuration examples using Windows-specific frameworks (ASP.NET, MVC, Web Forms) and configuration files (web.config). There are no examples or guidance for Linux/macOS web stacks (e.g., Node.js, Python, Java, Nginx/Apache), nor any mention of cross-platform equivalents for session management, cookies, or CSRF mitigation. PowerShell is referenced for ADFS configuration, with no alternative for non-Windows environments.
Recommendations
  • Add examples for popular Linux/macOS web frameworks (e.g., Express.js, Django, Flask, Spring Boot) showing how to configure secure cookies, session timeouts, and CSRF protection.
  • Include generic HTTP header and cookie configuration guidance applicable to any platform, not just web.config/ASP.NET.
  • Provide parity for ADFS/PowerShell steps by mentioning SAML/OAuth/OpenID Connect logout/session management for cross-platform identity providers.
  • Reference cross-platform tools and libraries for session management and CSRF mitigation (e.g., OWASP CSRFGuard, helmet.js, Django CSRF middleware).
  • Clarify which mitigations are Windows/.NET-specific and which are generally applicable, to help non-Windows developers understand what is relevant.
GitHub Create Pull Request
Security Microsoft Threat Modeling Tool release 10/16/2019 - Azure ...rity/develop/threat-modeling-tool-releases-71610151.md
High Priority View Details →
Scanned: 2026-01-13 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Missing Linux Example Windows First
Summary
The documentation exclusively references Windows as the supported operating system, with no mention of Linux or macOS compatibility. All system requirements, download links, and usage instructions are Windows-centric, and there is no guidance or examples for Linux or macOS users.
Recommendations
  • Explicitly state whether the tool is Windows-only or provide information about Linux/macOS compatibility.
  • If possible, offer Linux/macOS versions or alternatives, or document how to run the tool via Wine or similar compatibility layers.
  • Include system requirements and installation instructions for Linux/macOS if supported.
  • Provide troubleshooting and known issues sections relevant to non-Windows platforms.
GitHub Create Pull Request
Security Microsoft Threat Modeling Tool release 7/2/2019 ...rity/develop/threat-modeling-tool-releases-71607021.md
High Priority View Details →
Scanned: 2026-01-13 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Missing Linux Example Windows First
Summary
The documentation page for the Microsoft Threat Modeling Tool is heavily Windows-centric. It lists only Windows 10 as a supported operating system, requires .NET Framework (which is Windows-only), and does not mention Linux or macOS support or alternatives. There are no Linux/macOS installation instructions, nor any cross-platform considerations. The download and usage instructions implicitly assume a Windows environment.
Recommendations
  • Explicitly state platform limitations and, if possible, provide guidance for Linux/macOS users (e.g., via Wine, virtual machines, or alternative threat modeling tools).
  • Include a section discussing cross-platform support or lack thereof, and suggest open-source or cross-platform alternatives if the tool is Windows-only.
  • If future versions will support other platforms, mention this in the documentation.
  • Provide links to community discussions or issues regarding Linux/macOS support.
GitHub Create Pull Request
Security Enhance remote management security in Azure | Microsoft Docs ...blob/main/articles/security/fundamentals/management.md
High Priority View Details →
Scanned: 2026-01-13 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
🔧 Windows Tools Powershell Heavy Windows First Missing Linux Example
Summary
The documentation exhibits a strong Windows bias throughout. It consistently references Windows-specific tools (e.g., AppLocker, Hyper-V, Group Policy Objects, Windows Firewall, BitLocker, MMC, Windows PowerShell) and patterns (Active Directory, GPOs, AD DS) as the default or only approach for hardening and managing workstations. There are no Linux/macOS equivalents or examples provided, and all command-line and security configuration guidance is Windows-centric. This leaves Linux/macOS users without clear, actionable steps or tool recommendations for achieving similar security postures.
Recommendations
  • Provide equivalent Linux/macOS examples and tool recommendations for each Windows-specific technology (e.g., AppArmor/SELinux for AppLocker, iptables/nftables for Windows Firewall, LUKS for BitLocker, sudoers/polkit for GPOs/least privilege).
  • Include cross-platform Azure CLI and scripting examples (not just PowerShell).
  • Explicitly mention and link to Linux/macOS remote management and hardening guides.
  • Reorganize sections to present cross-platform or OS-agnostic principles first, followed by OS-specific implementations.
  • Add a table or appendix mapping Windows tools/patterns to their Linux/macOS counterparts.
GitHub Create Pull Request
Security Microsoft Threat Modeling Tool release 02/11/2020 - Azure ...rity/develop/threat-modeling-tool-releases-73002061.md
High Priority View Details →
Scanned: 2026-01-13 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Missing Linux Example Windows First
Summary
The documentation page exclusively references Windows as the supported operating system for the Microsoft Threat Modeling Tool, with no mention of Linux or macOS compatibility, installation, or usage. All system requirements and download instructions are Windows-centric, and there are no examples or guidance for non-Windows platforms.
Recommendations
  • Clearly state platform limitations at the top of the documentation.
  • If possible, provide information about running the tool on Linux/macOS (e.g., via Wine, virtualization, or alternative tools).
  • Offer links to cross-platform threat modeling tools for users on non-Windows systems.
  • Include a FAQ addressing platform support and alternatives.
GitHub Create Pull Request
Security Configuration management for the Microsoft Threat Modeling Tool ...velop/threat-modeling-tool-configuration-management.md
High Priority View Details →
Scanned: 2026-01-13 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools Powershell Heavy
Summary
The documentation is heavily oriented towards Windows and Microsoft technologies, with examples and mitigation steps almost exclusively referencing Windows-specific tools (e.g., IIS web.config, BitLocker, Windows Firewall, ASP.NET, WCF). There are no Linux or macOS equivalents or examples provided for critical configuration management tasks, such as setting security headers, firewall configuration, or disk encryption. This creates friction for users deploying on non-Windows platforms, as they must research and adapt solutions themselves.
Recommendations
  • Provide Linux/macOS equivalents for all configuration steps and code examples, such as Apache/Nginx configuration for security headers, iptables/firewalld for firewall setup, and LUKS for disk encryption.
  • Include cross-platform code samples (e.g., Python, Node.js, or shell scripts) for generic tasks like setting HTTP headers.
  • Mention open-source or platform-neutral alternatives to Windows-only tools (e.g., instead of BitLocker, reference LUKS/dm-crypt for Linux).
  • Structure examples so that platform-agnostic or Linux/macOS solutions are presented alongside or before Windows-specific instructions.
  • Clarify which mitigations are universally applicable and which are platform-specific, and provide links to relevant documentation for non-Windows environments.
GitHub Create Pull Request
Security Microsoft Threat Modeling Tool release 4/9/2019 ...rity/develop/threat-modeling-tool-releases-71604081.md
High Priority View Details →
Scanned: 2026-01-13 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Missing Linux Example Windows First
Summary
The documentation exclusively references Windows as the supported operating system and requires .NET Framework, which is Windows-specific. There are no mentions of Linux or macOS support, nor any guidance for users of those platforms. All examples, requirements, and instructions are Windows-centric.
Recommendations
  • Explicitly state platform support, including whether Linux/macOS are unsupported or provide alternatives if available.
  • If cross-platform support is possible (e.g., via Mono or .NET Core), include installation and usage instructions for Linux/macOS.
  • Offer guidance or workarounds for non-Windows users, such as running the tool in a VM or container.
  • Consider providing a web-based or cross-platform version of the tool if feasible.
GitHub Create Pull Request
Security Exception Management - Microsoft Threat Modeling Tool - Azure | Microsoft Docs ...y/develop/threat-modeling-tool-exception-management.md
High Priority View Details →
Scanned: 2026-01-13 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation is heavily focused on Windows-centric technologies such as WCF, ASP.NET, IIS, and .NET Framework, with configuration examples and mitigation steps that are only applicable to Windows environments. There are no Linux or cross-platform equivalents provided, and references to tools and deployment methods (e.g., IIS, web.config, machine.config) are specific to Windows. Linux users are left without guidance for similar tasks in their environments.
Recommendations
  • Include examples and mitigation steps for cross-platform frameworks (e.g., .NET Core/ASP.NET Core on Linux, Kestrel, Nginx, Apache).
  • Provide configuration and error handling guidance for Linux-based deployments, such as using appsettings.json, environment variables, or web server config files.
  • Mention Linux-compatible deployment tools and patterns alongside Windows/IIS instructions.
  • Add references to documentation for Linux and macOS environments where applicable.
  • Clarify which steps are Windows-only and offer alternatives for non-Windows platforms.
GitHub Create Pull Request
Security Session Management - Microsoft Threat Modeling Tool - Azure | Microsoft Docs ...ity/develop/threat-modeling-tool-session-management.md
High Priority View Details →
Scanned: 2026-01-13 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools Powershell Heavy
Summary
The documentation is heavily focused on Windows-centric technologies and patterns, such as ASP.NET, ADFS, web.config, and PowerShell commands. All code samples and configuration examples are for Windows/.NET environments, with no mention of Linux, macOS, or cross-platform equivalents. Windows tools (e.g., PowerShell, web.config) are referenced exclusively, and critical security mitigations are described only in terms of Windows frameworks and configuration files.
Recommendations
  • Provide equivalent examples for Linux and macOS environments, such as using NGINX/Apache for session/cookie management.
  • Include cross-platform frameworks (e.g., Node.js, Python Flask/Django, Java Spring) in code samples for session management and CSRF mitigation.
  • Reference configuration files and patterns used on Linux (e.g., nginx.conf, .env files) alongside web.config.
  • Offer guidance for implementing security features (logout, secure cookies, CSRF protection) in non-Windows stacks.
  • Replace or supplement PowerShell commands with bash/shell alternatives where possible.
  • Clarify which mitigations are specific to Windows/.NET and which are general best practices.
GitHub Create Pull Request
Security Microsoft Antimalware code samples for Azure | Microsoft Docs ...cles/security/fundamentals/antimalware-code-samples.md
High Priority View Details →
Scanned: 2026-01-13 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Powershell Heavy 🔧 Windows Tools Missing Linux Example Windows First
Summary
The documentation exclusively provides PowerShell code samples and references Windows-centric tools and file paths (e.g., C:\ paths, .exe processes). There are no examples or guidance for Linux or macOS users, nor any mention of Bash, Azure CLI, or Linux-specific configuration patterns. This creates a strong Windows bias and may prevent Linux users from completing the tasks described.
Recommendations
  • Add equivalent Azure CLI and/or Bash examples for each scenario, demonstrating how to enable and configure Microsoft Antimalware on Linux VMs and Arc-enabled servers.
  • Clarify whether Microsoft Antimalware is supported on Linux-based VMs and, if not, provide links or guidance for Linux security solutions.
  • Replace or supplement Windows file paths and process examples with Linux equivalents where appropriate.
  • Explicitly state platform limitations and provide parity guidance for non-Windows environments.
GitHub Create Pull Request
Security Hypervisor security on the Azure fleet - Azure Security ...blob/main/articles/security/fundamentals/hypervisor.md
High Priority View Details →
Scanned: 2026-01-13 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation page is heavily focused on Windows technologies, specifically Hyper-V, which is a Windows-based hypervisor. There are no mentions of Linux or cross-platform hypervisor technologies, nor are there examples or guidance for Linux users. The terminology and security mechanisms described are specific to Windows and Azure's implementation, with no consideration for Linux-based virtualization or management tools.
Recommendations
  • Include references to Linux-compatible hypervisors (e.g., KVM, Xen) and explain how Azure supports or interacts with them, if applicable.
  • Provide examples or guidance for Linux administrators on managing hypervisor security within Azure.
  • Clarify whether the described security boundaries and mitigations apply to Linux-based VMs or only Windows-based VMs.
  • Add parity in documentation for Linux tools and processes where relevant, such as audit mechanisms, exploit mitigations, and platform integrity checks.
GitHub Create Pull Request
Security Microsoft Antimalware for Azure | Microsoft Docs ...lob/main/articles/security/fundamentals/antimalware.md
High Priority View Details →
Scanned: 2026-01-13 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools Powershell Heavy
Summary
The documentation is strongly biased toward Windows environments. All deployment and configuration instructions, examples, and code samples are exclusively for Windows Server and Windows-based Azure VMs. The documentation repeatedly references Windows-only tools (PowerShell, Visual Studio, Windows event logs) and does not provide any guidance or examples for Linux VMs. Linux is explicitly stated as unsupported, and there are no alternative recommendations or parity features for Linux users.
Recommendations
  • Clearly state Linux support limitations at the top of the document.
  • If any antimalware solutions exist for Linux on Azure, provide links or guidance.
  • Offer parity documentation for Linux VMs, such as recommended antimalware solutions, deployment patterns, or monitoring options.
  • Include a comparison table of antimalware options for Windows and Linux on Azure.
  • If PowerShell is required, suggest CLI or REST API alternatives where possible, especially for cross-platform scenarios.
GitHub Create Pull Request
Security Hypervisor security on the Azure fleet - Azure Security ...blob/main/articles/security/fundamentals/hypervisor.md
High Priority View Details →
Scanned: 2026-01-11 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation page demonstrates Windows bias by exclusively referencing Windows Hyper-V as the hypervisor technology, with no mention of Linux-based hypervisors (such as KVM or Xen) or examples relevant to Linux environments. All security mechanisms and attack surfaces are described in terms of Windows technologies and tools, and there are no Linux-specific instructions, terminology, or parity in examples.
Recommendations
  • Include references to Linux-based hypervisors (e.g., KVM, Xen) where relevant, and discuss how Azure secures these platforms if applicable.
  • Provide examples or explanations of security boundaries and mitigations for Linux VMs and their hypervisor environments.
  • Mention Linux-specific security features (e.g., SELinux, AppArmor, seccomp) and how they interact with Azure's virtualization security model.
  • Clarify whether the described security processes apply to both Windows and Linux guests, and highlight any differences.
  • Add links to documentation on securing Linux-based workloads in Azure, ensuring parity with Windows-focused content.
GitHub Create Pull Request
Security Enhance remote management security in Azure | Microsoft Docs ...blob/main/articles/security/fundamentals/management.md
High Priority View Details →
Scanned: 2026-01-11 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools Powershell Heavy
Summary
The documentation demonstrates a strong Windows bias throughout. It consistently references Windows-specific tools (such as AppLocker, Hyper-V, Windows Firewall, Group Policy Objects, BitLocker, and Windows PowerShell) as primary or sole solutions for hardening and managing workstations. There are no examples or guidance for equivalent Linux tools or practices, and Linux-based management scenarios are not addressed. The language and examples assume a Windows environment, with no mention of Linux or cross-platform alternatives.
Recommendations
  • Include parallel examples and guidance for Linux-based management workstations, such as using iptables/nftables for firewalling, AppArmor/SELinux for application control, and Linux-native VPN clients.
  • Reference cross-platform tools and approaches where possible (e.g., Azure CLI, which runs on Windows, Linux, and macOS) instead of focusing solely on Windows PowerShell.
  • Provide instructions for hardening Linux management workstations, including patch management, privilege separation (e.g., sudo), and Linux-specific best practices.
  • Mention Linux equivalents for Windows-specific technologies (e.g., BitLocker vs. LUKS/dm-crypt for disk encryption, Group Policy vs. configuration management tools like Ansible, Puppet, or Chef).
  • Add diagrams and scenarios that include Linux and macOS endpoints to reflect the diversity of real-world Azure management environments.
  • Explicitly state that Azure management can be performed from non-Windows platforms and link to relevant documentation for those platforms.
GitHub Create Pull Request
Security Microsoft Threat Modeling Tool release 02/11/2020 - Azure ...rity/develop/threat-modeling-tool-releases-73002061.md
High Priority View Details →
Scanned: 2026-01-11 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation page exclusively references Windows as the supported operating system, with no mention of Linux or macOS support. All system requirements and download instructions are Windows-centric, and there are no examples or guidance for Linux users. The tool itself appears to be Windows-only, and there is no discussion of cross-platform alternatives or workarounds.
Recommendations
  • Explicitly state if the tool is Windows-only, and if so, provide rationale or roadmap for Linux/macOS support.
  • If possible, offer a Linux-compatible version or suggest alternatives for Linux users.
  • Include a section addressing cross-platform compatibility and any known workarounds (e.g., running via Wine, using virtual machines).
  • Ensure future documentation includes parity for Linux and macOS where applicable, or clearly communicates platform limitations.
GitHub Create Pull Request
Security Microsoft Threat Modeling Tool release 7/2/2019 ...rity/develop/threat-modeling-tool-releases-71607021.md
High Priority View Details →
Scanned: 2026-01-11 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation page for the Microsoft Threat Modeling Tool exclusively references Windows as the supported operating system, with no mention of Linux or macOS support, installation instructions, or usage examples. All system requirements and download instructions are Windows-centric, and the tool itself appears to be a Windows-only application.
Recommendations
  • Explicitly state platform limitations (e.g., 'Windows-only') if Linux/macOS are not supported.
  • If possible, provide information about running the tool on Linux/macOS (e.g., via Wine, virtual machines, or alternative tools).
  • Include parity notes or alternative recommendations for Linux users interested in threat modeling.
  • Add a section comparing platform support and listing equivalent open-source or cross-platform threat modeling tools.
GitHub Create Pull Request
Security Auditing and Logging - Microsoft Threat Modeling Tool - Azure | Microsoft Docs ...y/develop/threat-modeling-tool-auditing-and-logging.md
High Priority View Details →
Scanned: 2026-01-11 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Windows First Missing Linux Example
Summary
The documentation demonstrates a Windows bias by referencing Windows-specific tools (e.g., Windows ACLs, SQL Server, WCF/.NET configuration) and providing configuration examples only for Windows technologies. There is a lack of Linux-specific guidance or examples, such as using Linux file permissions, log rotation tools, or auditing mechanisms. Windows terminology and solutions are mentioned exclusively or before any cross-platform alternatives.
Recommendations
  • Add Linux-specific examples for log file access control, such as using chmod, chown, and setfacl.
  • Include guidance for log rotation on Linux systems (e.g., logrotate configuration).
  • Provide auditing and logging examples for popular Linux databases (e.g., PostgreSQL, MySQL) alongside SQL Server.
  • Mention cross-platform logging frameworks (e.g., syslog, rsyslog, ELK stack) in addition to Windows Event Log and WCF.
  • Where access control is discussed, reference both Windows ACLs and Linux file permissions.
  • Ensure that examples and recommendations are balanced between Windows and Linux environments to improve parity.
GitHub Create Pull Request
Security Authentication - Microsoft Threat Modeling Tool - Azure | Microsoft Docs ...ecurity/develop/threat-modeling-tool-authentication.md
High Priority View Details →
Scanned: 2026-01-11 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example Powershell Heavy
Summary
The documentation demonstrates a Windows bias in several areas: Windows authentication is recommended as the default for SQL Server, and Windows-based authentication is listed before other methods in multiple sections. Windows-specific tools and terminology (e.g., Kerberos, Windows password policy, Windows Server certificate service, MSMQ, WCF) are referenced without Linux or cross-platform equivalents. There are no Linux-specific authentication examples, and no mention of Linux-native tools or patterns for authentication, certificate management, or service configuration. Example code and configuration snippets are focused on .NET, C#, and Windows-centric technologies, with no parity for Linux environments.
Recommendations
  • For each authentication method or recommendation that references Windows (e.g., Windows Authentication, Kerberos, Windows password policy), provide equivalent guidance for Linux environments (e.g., Kerberos on Linux, PAM, LDAP, or SSSD integration).
  • When listing authentication mechanisms, avoid putting Windows-based methods first or exclusively; instead, present options in a platform-neutral order or include Linux-native methods alongside Windows ones.
  • Where Windows tools are mentioned (e.g., Windows Server certificate service, MakeCert.exe), also mention and provide examples for Linux tools (e.g., OpenSSL, certbot, Linux PKI solutions).
  • For MSMQ and WCF, clarify their Windows-specific nature and, where possible, suggest cross-platform alternatives (e.g., RabbitMQ, gRPC, or other message queue solutions).
  • Include example code and configuration snippets for Linux environments and popular open-source stacks (e.g., Python, Java, Node.js on Linux, systemd service configuration, Linux certificate stores).
  • Explicitly state when a recommendation is Windows-only and provide parallel instructions for Linux where feasible.
  • Reference Linux documentation and best practices for authentication, certificate management, and secure service configuration.
GitHub Create Pull Request
Security Communication security for the Microsoft Threat Modeling Tool ...develop/threat-modeling-tool-communication-security.md
High Priority View Details →
Scanned: 2026-01-11 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools Powershell Heavy
Summary
The documentation page demonstrates a Windows bias by prioritizing Windows-centric technologies, tools, and examples. Many recommendations and code samples focus on ASP.NET, WCF, and Windows-specific configuration (e.g., web.config, ServicePointManager, SQL Server Management Studio), with little or no mention of Linux equivalents or cross-platform approaches. Examples and references are almost exclusively for Windows environments, leaving Linux users without guidance for achieving parity.
Recommendations
  • Provide Linux-specific examples and instructions for all mitigation steps, such as configuring HTTPS enforcement in Apache/Nginx, certificate validation in Python/Java, and secure connections to SQL Server from Linux clients.
  • Include cross-platform code samples (e.g., Python, Java, Node.js) for certificate pinning, HTTPS enforcement, and other security tasks.
  • Mention Linux tools and configuration files (e.g., .htaccess, nginx.conf) alongside Windows tools like web.config and SQL Server Management Studio.
  • Reference Linux-compatible clients and libraries for Azure services (e.g., Azure CLI, OpenSSL, Linux SMB clients) where appropriate.
  • Avoid assuming the use of Windows-only frameworks (e.g., WCF, ASP.NET) and provide alternatives for Linux and open-source stacks.
GitHub Create Pull Request
Security Cryptography - Microsoft Threat Modeling Tool - Azure | Microsoft Docs .../security/develop/threat-modeling-tool-cryptography.md
High Priority View Details →
Scanned: 2026-01-11 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Powershell Heavy Missing Linux Example
Summary
The documentation demonstrates a clear Windows bias. Windows technologies, APIs, and tools (CNG, CAPI, Win32/64, .NET, BitLocker, TPM on Windows IoT Core, SSIS, SQL Server features) are referenced extensively and often exclusively. Examples and recommendations are almost always Windows-centric, with little to no mention of Linux equivalents or cross-platform alternatives. Where other platforms are mentioned (Apple, Java/Android), they are brief and lack parity in detail or example code. Linux cryptographic APIs, disk encryption tools, and IoT security approaches are missing.
Recommendations
  • Add Linux-specific cryptographic API references (e.g., OpenSSL, /dev/urandom, libgcrypt, GnuTLS) alongside Windows APIs.
  • Provide example code for Linux and cross-platform environments (e.g., Python with cryptography, C/C++ with OpenSSL) where only .NET or Windows code is shown.
  • Mention Linux disk encryption tools (e.g., LUKS, dm-crypt) when discussing BitLocker.
  • Include Linux IoT security approaches (e.g., TPM2.0 tools, secure key storage with Linux kernel modules) in IoT sections.
  • Reference cross-platform database encryption options (e.g., PostgreSQL TDE, MySQL encryption) in addition to SQL Server.
  • Ensure parity in recommendations and examples for random number generation, MAC/HMAC, and hash functions for Linux and open-source stacks.
  • Explicitly state platform applicability for each recommendation, and avoid assuming Windows as the default.
GitHub Create Pull Request
Security Design secure applications on Microsoft Azure ...s/blob/main/articles/security/develop/secure-design.md
High Priority View Details →
Scanned: 2026-01-11 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Powershell Heavy Missing Linux Example
Summary
The documentation demonstrates a Windows bias by referencing Microsoft-specific tools, services, and patterns (such as PowerShell, Entra ID, and SDL Threat Modeling Tool) without mentioning or providing Linux or open-source equivalents. Examples and links are predominantly for Windows or Microsoft-centric technologies, and there is a lack of explicit Linux or cross-platform guidance, especially in areas like authentication, logging, and secure development practices.
Recommendations
  • Include Linux-specific examples and tools alongside Windows ones, such as using Bash scripts or Linux CLI for Azure management.
  • Reference open-source or cross-platform alternatives for threat modeling, authentication, and key management (e.g., OWASP Threat Dragon, HashiCorp Vault).
  • Provide parity in documentation for both Windows and Linux environments, especially for DevOps, logging, and security controls.
  • Explicitly mention how Azure services and SDKs can be used from Linux environments, including setup and usage instructions.
  • Add links to Linux-focused Azure documentation and best practices.
  • Ensure that examples and recommendations do not assume a Windows-first approach, and clarify platform-agnostic steps where possible.
GitHub Create Pull Request
Security Authorization - Microsoft Threat Modeling Tool - Azure | Microsoft Docs ...security/develop/threat-modeling-tool-authorization.md
High Priority View Details →
Scanned: 2026-01-11 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Windows First Missing Linux Example
Summary
The documentation page exhibits a moderate Windows bias. It references Windows-specific technologies (WCF, ASP.NET, Windows Groups), and configuration examples are provided only for Windows-centric frameworks (WCF, ASP.NET Web API). Authorization examples use Windows roles and groups, with no mention of Linux equivalents (such as POSIX ACLs, Linux groups, or open-source web frameworks). There are no Linux or cross-platform code/configuration samples, and Windows patterns are presented as defaults.
Recommendations
  • Include Linux-specific examples for ACLs, such as using setfacl or chmod/chown for file permissions.
  • Provide equivalent authorization configuration samples for popular Linux web frameworks (e.g., Flask, Django, Express.js) alongside ASP.NET examples.
  • Mention Linux group/user management and sudoers configuration when discussing least privilege principles.
  • For WCF and Windows Groups, add notes or examples for Linux alternatives (e.g., using PAM, systemd, or application-level RBAC).
  • Where Windows roles/groups are referenced, clarify cross-platform approaches and provide links to Linux documentation.
  • Ensure that all code/configuration samples have Linux or cross-platform equivalents, not just Windows/.NET.
GitHub Create Pull Request
Security Configuration management for the Microsoft Threat Modeling Tool ...velop/threat-modeling-tool-configuration-management.md
High Priority View Details →
Scanned: 2026-01-11 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools Powershell Heavy
Summary
The documentation page exhibits a strong Windows bias, with nearly all configuration, security, and code examples focused on Windows technologies (ASP.NET, IIS, Windows Firewall, BitLocker, Windows Azure, WCF, etc.). There is little to no mention of Linux equivalents or cross-platform alternatives, and examples are exclusively in C#, XML (web.config), or reference Windows-only features. Linux tools, configuration files, and patterns are absent, even in areas where Linux is commonly used (web servers, firewalls, disk encryption, etc.).
Recommendations
  • Provide Linux/Unix equivalents for all configuration and security recommendations (e.g., show how to set HTTP headers in Apache/Nginx, use iptables/firewalld for firewall configuration, use LUKS/dm-crypt for disk encryption).
  • Include code samples in languages and frameworks commonly used on Linux (e.g., Python, Node.js, Java, Go) alongside C#/.NET examples.
  • Reference cross-platform or Linux-specific tools and patterns (e.g., SELinux/AppArmor for endpoint security, systemd for service management, OpenSSL for encryption).
  • Clarify when recommendations are Windows-specific and offer alternative guidance for Linux-based deployments.
  • Add documentation sections or tables explicitly comparing Windows and Linux approaches for each mitigation or configuration topic.
GitHub Create Pull Request
Security Exception Management - Microsoft Threat Modeling Tool - Azure | Microsoft Docs ...y/develop/threat-modeling-tool-exception-management.md
High Priority View Details →
Scanned: 2026-01-11 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation page demonstrates a strong Windows bias by exclusively referencing Windows technologies (WCF, ASP.NET, IIS, web.config, machine.config), providing configuration and code examples only for .NET and Windows-centric frameworks, and mentioning Windows tools (IIS) and patterns without Linux equivalents. There are no examples or guidance for Linux-based deployments, open-source web servers (e.g., Apache, Nginx), or cross-platform exception management practices.
Recommendations
  • Include examples for Linux-based web servers (e.g., Apache, Nginx) and their error handling configurations.
  • Provide cross-platform code samples (e.g., Java, Python, Node.js) for exception management and error handling.
  • Mention deployment and configuration steps for Linux environments (e.g., using systemd, environment variables, or Linux file paths).
  • Reference open-source and cross-platform frameworks (e.g., Flask, Express, Spring) alongside .NET and Windows technologies.
  • Add guidance for handling exceptions and error messages in non-Windows environments, including best practices for logging and user messaging.
GitHub Create Pull Request
Security Input Validation - Microsoft Threat Modeling Tool - Azure | Microsoft Docs ...urity/develop/threat-modeling-tool-input-validation.md
High Priority View Details →
Scanned: 2026-01-11 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation demonstrates a strong Windows bias. Most code examples are in C#/.NET, and configuration instructions reference Windows-specific technologies (IIS, web.config, MSXML, http.sys). References and steps frequently mention Windows tools and APIs first or exclusively, with little to no mention of Linux/Unix equivalents or cross-platform approaches. There are no examples for Linux-based web servers (e.g., Apache, Nginx), nor for non-.NET languages or frameworks. Where browser support is discussed, Internet Explorer is emphasized, and other browsers are only mentioned as future considerations.
Recommendations
  • Provide equivalent examples for Linux/Unix environments, such as configuring headers in Apache (httpd.conf) or Nginx (nginx.conf), and using open-source XML libraries (e.g., lxml, expat) for entity resolution.
  • Include code samples in other common web languages (Python, Java, Node.js, PHP) to demonstrate input validation and output encoding.
  • Reference cross-platform libraries and tools (e.g., OWASP ESAPI, HTMLPurifier, Python's bleach) for encoding and sanitization.
  • Discuss configuration and security controls for non-Windows web servers and application stacks.
  • When mentioning browser support, provide details for Chrome, Firefox, Safari, and Edge, not just Internet Explorer.
  • Avoid assuming .NET or Windows as the default platform; clarify which recommendations are platform-specific and offer alternatives.
GitHub Create Pull Request
Previous Page 1 of 16 Next