Microsoft Application Threat Modeling Blog

Talhah has been blogging about Knowledge management and translation and some other stuff that nicely leads onto the larger picture of Application Risk Management. I will be doing a webcast presenting a high-level overview of Application Risk Management...

Threat Analysis and Modeling Tool (TAM) tool uses a interface to provide risk measurement plug-in functionality. Interface ICalculateRisk can be found under ACEServices.Torpedo2.TMObjectModel namespace. This namespace is available by importing TMObjectModel...

We’ve been getting a lot of queries around the drop-downs in the TAM tool to define things like Authentication Mechanism for roles or selecting Service Type or Technology for Components. The items in these lists are customizable and can be done so by...

The other day I was talking to someone about the next big project we’re working on around risk analysis and he used a phrase “knowledge management and translation” to describe what we’re trying to do. I think this is precisely correct. Any effective...

How many times have you tried to preach software security only to have someone ask you to show the return on investment (ROI)? As of late, I’m starting to see so many papers and articles trying to develop metrics (qualitative or quantitative) to show...