Adam Shostack here. While at Tech Ed Developer in Barcelona, Michael Howard and I did three video segments. The first is on the announcements that we made and Dave Ladd blogged about. The second is a 25-minute detailed walkthrough of the new SDL Threat Modeling Tool, and the last is our top 10 security pet peeves.
Why not check them out, or have a look at all the content that TechEd Online makes available?
Great industry leadership folks!
I'm very happy to see an optimization approach for others that want to follow in your footsteps.
At the heart of our approach, we rely on the following:
1- Awareness and Education
2- Updated policies, standards, and best practices for application development and infrastructure needs.
3- Risk Assessments to prioritize applications and project engagements (my resources are finite while the need is large)
4- Security Reviews that align project/development requirements with policies, standards, and PnP and that can include Threat Modeling and Facilitated Risk Assessments
5- Automated, self-service source code reviews
6- Vulnerability Assessments for high risk application deployments
We'll check out the new Threat Modeling tool. We couldn't use the last few versions because we needed to account for Java that the tool could not handle.
Thanks for pushing the industry ahead.