Tagged Content List
  • Blog Post: SDL and Compliance: New Blog Series at Security Blogs

    Arjuna Shunn here. Our friends over on the security blog have done up a series of posts about SDL and compliance which are worth reading. Using data from numerous sources, ranging from our SDL and HIPAA whitepaper, our SDL and PCI DSS/PA-DSS whitepaper, and from our SDL Chronicles among others, they’ve...
  • Blog Post: Necessary, Explained, Actionable, and Tested (NEAT) Cards

    Previously, we blogged about “Adding Usable Security to the SDL.” Feedback as we hand out the cards at a variety of conferences has been amazingly positive. We wanted to make it easier for folks outside of Microsoft to take advantage of NEAT, and so today, we’re putting those cards...
  • Blog Post: Application Security: 2011 & Beyond – A Forrester Research Report

    Hi All. Doug here. In April 2011 Forrester Research wrote a new study on Application Security. This study, titled Application Security: 2011 & Beyond, led by Dr Chenxi Wang, Lead Analyst at Forrester Research, provides valuable research, insights and recommendations for security and risk professionals...
  • Blog Post: Adding Usable Security to the SDL

    Adam Shostack here. Lately, I’ve been focused on how we bring the engineering of usable security into the SDL. When I say usable security, I mean that for those times when we need to ask a user for input on something only they know. (For example, are you connecting to a coffee shop network or your...