May, 2007

  • The Security Development Lifecycle

    Testing in the SDL

    • 9 Comments
    James Whittaker here “You can’t test quality in.” It’s a truism coined long ago and an accepted fact of software development. Yet, for security, testing is arguably the most talked about aspect of the Security Development Lifecycle (SDL). When we get...
  • The Security Development Lifecycle

    Security Education v. Security Training

    • 8 Comments
    Dave Ladd here... There has been a lot of hoopla lately around "secure programming skills" – with not-so-thinly veiled condemnations of academicians and the role of the university in addressing the IT security problem. While it’s tempting to view...
  • The Security Development Lifecycle

    Oil Change or Culture Change?

    • 7 Comments
    Hello all... Dave here. I have worked on security and privacy initiatives at Microsoft for a number of years, but it wasn’t until I came to the Security Engineering group to work on the Security Development Lifecycle that I realized I don’t actually...
  • The Security Development Lifecycle

    Privacy is not just about data security

    • 5 Comments
    Tina Knutson here... A few years back we integrated privacy into the SDL. Privacy and security often go hand-in-hand, but they are not the same thing. They often have the same objective, but the focus is different. When it comes to customer data, security...
  • The Security Development Lifecycle

    Blue Hat 5.0

    • 1 Comment
    Adam Shostack here. Last week, we held the 5th Blue Hat conference, focused on the “Paradox of Innovation.” BlueHat is a conference where Microsoft brings applied security researchers to campus to speak to executives and engineers. I have both personal...