September, 2007

  • The Security Development Lifecycle

    The Trouble with Threat Modeling

    Adam Shostack here. I said recently that I wanted to talk more about what I do. The core of what I do is help Microsoft’s product teams analyze the security of their designs by threat modeling. So I’m very concerned about how well we threat model,...
  • The Security Development Lifecycle

    Fuzz Testing at Microsoft and the Triage Process

    Scott Lambert here. I work on the Security Engineering Tools team where we're responsible for researching, developing and publishing tools to internal product and service teams. These include fuzzing, binary analysis and attack surface analysis tools...
  • The Security Development Lifecycle

    IATAC and SDL

    Hello all - Dave here... Booz Allen Hamilton recently released a State-of-the-Art Report (SOAR) on Software Security Assurance on behalf of the Information Assurance Technology Analysis Center (IATAC); an analysis and consulting group sponsored by...
  • The Security Development Lifecycle

    STRIDE chart

    Adam Shostack here. I've been meaning to talk more about what I actually do, which is help the teams within Microsoft who are threat modeling (for our boxed software) to do their jobs better. Better means faster, cheaper or more effectively. There...