February, 2009

  • The Security Development Lifecycle

    Clickjacking Defense in IE8

    • 3 Comments
    Bryan here. The Internet Explorer team released the first public release candidate build of IE8 last week, which includes some very handy new security features I’d like to talk about. Steve and I have both blogged about the IE8 Cross-Site Scripting (XSS...
  • The Security Development Lifecycle

    SDL Threat Modeling Tool 3.1.4 ships!

    • 1 Comments
    Adam here. We’re pleased to announce version 3.1.4 of the SDL Threat Modeling Tool. A big thanks to all our beta testers who reported issues in the forum! In this release, we fixed many bugs, learned that we needed a little more flexibility...
  • The Security Development Lifecycle

    One Tool Does not Rule them All

    • 2 Comments
    Hello, Michael here... Over the last couple of years, I've released information about various Microsoft product security bugs that required security bulletins to explain why the SDL missed the bugs (if indeed it did) and what defenses came into play...
  • The Security Development Lifecycle

    Early Days of the SDL, Part Two

    • 1 Comments
    Hi everyone, Chris Walker here. Prior to the Windows Security Push of February 2002, security testing was rather spotty in the Windows organization. Both the Internet Explorer team and the Internet Information Server (IIS) team had mature efforts oriented...
  • The Security Development Lifecycle

    Early Days of the SDL, Part One

    • 2 Comments
    Hi everyone, Michael here. Even though 2001 and 2002 are a distant memory for many people, those years are still fresh in my mind; not because of CodeRed or Nimda, even though I had worked in the IIS team, but because of the important security work we...
  • The Security Development Lifecycle

    Early Days of the SDL, Part Three

    • 1 Comments
    Glenn here. It’s easy to look back on a career in software and see the highlights in terms of the big features pushed to meet a customer need, the milestones met, and the products shipped; but one of the highlights of mine was a fairly innocuous off-site...
  • The Security Development Lifecycle

    Early Days of the SDL, Part Four

    • 0 Comments
    Steve Lipner here. By late 2001, our security teams had been reorganized and I was managing both the Microsoft Security Response Center (MSRC) and the “Secure Windows Initiative” (SWI). MSRC handled Microsoft’s reaction to vulnerabilities and their exploitation...
  • The Security Development Lifecycle

    SDL War Story Videos

    • 1 Comments
    Watch short interviews with Mike Howard and Steve Lipner about the real-life conflicts that led to the creation of the SDL, plus the challenges and successes in implementing it at Microsoft. http://www.microsoft.com/security/bakingsecurityin/video...