Software Engineering, Project Management, and Effectiveness
I don't think our patterns & practices Security Engineering Explained guide is very findable, so I'm blogging it. This could very well be the short guide that forever changes how you do security engineering. The techniques in the guide are timeless and time-tested.
It's not a complicated methodology. Instead, it's a set of techniques that have proven to be the most valuable. How do we know? Customer case after customer case.
Incremental AdoptionThe beauty of this approach is that you don't have to adopt them all at once. You can pick and choose the technique you see fits your software life style. Here's some examples:
(Sorry - we don't have a set of patterns & practices guidance on performing specific security testing techniques at this time, though I think it's important and I have done some R&D projects in this area.)
It's worth pointing out that the security techniques baked into Visual Studio Team System use our security engineering approach. For example, you'll find our threat modeling templates in the MSF Agile and MSF for CMMI process guidance.
How to Get the Guidance
TeamHere's members of the original team that have blogs:
This is an oldie but a goodie. Alex (from our original team) walks through our patterns & practices
Here's a quick rundown of my take on key trends. Trends are different from fads since they're longer-lasting
Here's a quick rundown of my take on key trends. Trends are different from fads since they're