Explore Videos MSDN eNews Social
Windows
Web
Phone
Cloud
Visual Studio
Security
ALM
Breakpoint
Canada Does Windows Azure
More
The latest on developer tools and technologies you care about.

Sign Up
Latest Editions
Previous Editions  
Stay connected through on your favourite social network.

Twitter
Facebook
LinkedIn

Dana Epp on the Microsoft SDL Threat Modeling Tool

Dana Epp on the Microsoft SDL Threat Modeling Tool

  • Comments 1

Earlier today at Microsoft Tech·Ed EMEA 2008 - Developer in Barcelona, we announced the launch of the SDL Optimization Model, SDL Pro Network and the Microsoft SDL Threat Modeling Tool 3.1 Beta! You can read more about this announcement here or you can read more at the Microsoft Security Development Lifecycle (SDL) Blog.

To better understand why the Microsoft SDL Threat Modeling Tool 3.1 Beta is important to developers, I spoke to Canadian security wonk Dana Epp (AKA, Canada's Worf) and asked him a few questions about this tool and the Microsoft Security Development Lifecycle (SDL) itself.

Download MP3 Audio - Dana Epp on the Microsoft SDL Threat Modeling Tool (10.29 MB - 22 minutes, 28 seconds)

You can grab the Microsoft SDL Threat Modeling Tool 3.1 Beta today from Microsoft Downloads. Just make sure you have Visio installed as well. It's a great tool to help you identify and mitigate some of the threats in the STRIDE framework.

About Dana Epp

Dana Epp researches software security and sets the corporate vision in the convergence of information security principles and practices with digital information asset protection at Scorpion Software. As a computer security software architect, Dana has spent the last 15 years focusing on computer programming with a particular emphasis on security engineering to offer a safer computing environment for small business.

Dana has been an instructor in the Computer Information Systems department at the University College of the Fraser Valley and British Columbia Institute of Technology (BCIT), teaching students about computer programming and information security. He has brought to market various computer security products including secure operating systems, firewalls, VPNs, authentication devices and intrusion prevention systems (IPS). His latest research has been on identity and access control for Windows-based environments, focusing on two-factor authentication solutions for small business.

Dana has been twice awarded the Community Spirit Award for Business in recognition of his ongoing initiatives in promoting high technology industries in his community, and won the 2001 Chamber of Commerce "Young Entrepreneur of the Year" award. In 2006 and 2007 Dana has been honored with the award and distinction of Microsoft Windows Security Microsoft Most Valuable Professional (MVP) for his work and expertise in Windows security and continues to provide leadership in the community in regards to the application of information security principles and practices into software development and use.

About Developer Night in Canada (DNIC) 

Developer Night in Canada (DNIC) is a podcast produced by John Bristowe (@jbristowe) and Joey deVilla (@AccordionGuy) of Microsoft Canada. Its focus is to provide insight and analysis from some of the developers and experts in Canada. The RSS feed for Developer Night in Canada (DNIC) is available here. Alternatively, you can subscribe through Apple's iTunes here.

Attachment: http://media.libsyn.com/media/cdnitmanagers/DNIC_DanaEpp_SDL.mp3
Leave a Comment
  • Please add 3 and 1 and type the answer here:
  • Post