Hi All. Doug here, In April 2011 Forrester Research wrote a new study on Application Security. This study, titled Application Security: 2011 & Beyond led by Dr Chenxi Wang, Lead Analyst at Forrester Research, provides valuable research, insights and recommendations for security and risk professionals...

Hi, Adam Shostack here. I just wanted to let you know that I’ll be speaking at Black Hat about “Elevation of Privilege: The Easy Way to Threat Model.” Threat modeling is critical to secure development, and people find it intimidating and tough to get started. I will present Elevation...

Jeremy Dallman here to announce that we are releasing the latest version of the Microsoft Security Development Lifecycle process guidance – Version 5 (SDLv5) . It is now available for download as well as updated in the MSDN library . We have released incremental updates to the SDL process guidance...

Jeremy Dallman here. Earlier today, Errata Security released the results of their survey: Integrating Security into the Software Development LifeCycle . This survey was conducted over a two-week period and gathered information from 46 different companies both online and at events around the RSA 2010...

Hi everyone, Bryan here. There is a common misconception that because the SDL was originally created for Microsoft’s big showcase box products like Windows and SQL Server, that it only works for those kinds of products. This is of course patently false: virtually every Microsoft product and online...