April, 2008

  • The Security Development Lifecycle

    Crispin Cowan's Blog

    • 0 Comments
    Ralph here, I wanted to let everyone know that Crispin Cowan has just started his own blog . Keep an eye on it for some great posts in the future.
  • The Security Development Lifecycle

    SDL Threat Modeling @ ToorCon

    • 1 Comments
    Adam Shostack here. I spoke at Toorcon this past weekend on "SDL Threat Modeling: Past, Present and Future." I wanted to share my slides to help clarify a bit about where SDL threat modeling is and why, and a bit about where we're going. (Click...
  • The Security Development Lifecycle

    Oh No! Security Metrics!

    • 6 Comments
    Hello, Michael here. A colleague sent me a link to a blog post from a couple of days ago: Pete Lindstrom of Burton Group blogged that Microsoft's SDL has Saved the World!! raising concerns about Microsoft using vulnerability counts as a means to measure...
  • The Security Development Lifecycle

    SDL and "End to End Trust"

    • 1 Comments
    Hi folks, Eric Bidstrup here. Last week at RSA, Microsoft Chief Research and Strategy Officer Craig Mundie spoke and outlined a proposed vision for “End to End Trust.” Much has and will be written on that, and additional information and discussions...
  • The Security Development Lifecycle

    Microsoft SDL Process – in detail

    • 6 Comments
    Hello all – Dave here… I am currently at RSA and decided to take a few moments to blog about some updates to the Security Development Lifecycle. Admittedly, I have been “radio silent” on the blog for awhile – for those...
  • The Security Development Lifecycle

    Phishing Holes

    • 4 Comments
    Hi everyone, Bryan Sullivan here. Here’s a quiz for you. Quick, tell me what page the following URL is going to take you to: http://www.somebank.com/welcome.aspx?p=http%3A%2F%2Fwww.somebank.com%2Flogin.aspx If you answered “www.somebank.com/welcome...
Page 1 of 1 (6 items)