Arjuna Shunn here. Our friends over on the security blog have done up a series of posts about SDL and compliance which are worth reading. Using data from numerous sources, ranging from our SDL and HIPAA whitepaper, our SDL and PCI DSS/PA-DSS whitepaper, and from our SDL Chronicles among others, they’ve...

Previously, we blogged about “ Adding Usable Security to the SDL .” Feedback as we hand out the cards at a variety of conferences has been amazingly positive. We wanted to make it easier for folks outside of Microsoft to take advantage of NEAT, and so today, we’re putting those cards...

Hi All. Doug here, In April 2011 Forrester Research wrote a new study on Application Security. This study, titled Application Security: 2011 & Beyond led by Dr Chenxi Wang, Lead Analyst at Forrester Research, provides valuable research, insights and recommendations for security and risk professionals...

Adam Shostack here. Lately, I’ve been focused on how we bring the engineering of usable security into the SDL. When I say usable security, I mean that for those times when we need to ask a user for input on something only they know. (For example, are you connecting to a coffee shop network or your...