May, 2007

  • The Security Development Lifecycle

    Oil Change or Culture Change?

    Hello all... Dave here. I have worked on security and privacy initiatives at Microsoft for a number of years, but it wasn’t until I came to the Security Engineering group to work on the Security Development Lifecycle that I realized I don’t actually...
  • The Security Development Lifecycle

    Testing in the SDL

    James Whittaker here. “You can’t test quality in.” It’s a truism coined long ago and an accepted fact of software development. Yet, for security, testing is arguably the most talked about aspect of the Security Development Lifecycle (SDL). When we get...
  • The Security Development Lifecycle

    Blue Hat 5.0

    Adam Shostack here. Last week, we held the 5th Blue Hat conference, focused on the “Paradox of Innovation.” BlueHat is a conference where Microsoft brings applied security researchers to campus to speak to executives and engineers. I have both personal...
  • The Security Development Lifecycle

    Privacy is not just about data security

    Tina Knutson here... A few years back we integrated privacy into the SDL. Privacy and security often go hand-in-hand, but they are not the same thing. They often have the same objective, but the focus is different. When it comes to customer data, security...
  • The Security Development Lifecycle

    Security Education v. Security Training

    Dave Ladd here... There has been a lot of hoopla lately around "secure programming skills" – with not-so-thinly veiled condemnations of academicians and the role of the university in addressing the IT security problem. While it’s tempting to view...