March, 2008

  • The Security Development Lifecycle

    "Crawling" Toward SDL

    • 10 Comments
    Hey everyone, Jeremy Dallman here. One of the phrases I often hear during vision and strategy planning meetings at Microsoft is "What is the crawl, walk, run?" We use this phrase to differentiate the initial activities that will get us quickly moving...
  • The Security Development Lifecycle

    Training People on Threat Modeling

    • 2 Comments
    Adam Shostack here. Blogger Ian Grigg has an interesting response to my threat modeling blog series, and I wanted to respond to it. In particular, Ian says “I then would prefer to see the threat - property matrix this way:” I wanted...
  • The Security Development Lifecycle

    The Other Side of Life

    • 1 Comments
    Hello everyone, Shawn Hernan here. I used to work on the SDL team, and I might have been a regular contributor to this space, but instead I joined the SQL Server security team. Ralph Hood, Microsoft SDL guru, asked me if I would contribute a post about...
  • The Security Development Lifecycle

    Voting For Transparent Communication

    • 1 Comments
    Adam Shostack here. We think of the SDL as a cradle-to-grave process, where we build security into the product from conception until the end of support. One part of that process that doesn't get much attention on this blog is how we engage with vulnerability...
  • The Security Development Lifecycle

    SDL and Filtering

    • 1 Comments
    Hi, Ralph Hood here. I should probably take a minute to introduce myself since this is my first official SDL blog post. I’ve been a program manager at Microsoft for almost nine years. In past roles at Microsoft I was the lead program manager for security...