Do the acronyms STRIDE or DREAD mean anything to you?  When was the last time you used the terms "threat modeling" or "threat mitigation" in a conversation?

Security has become everyone's business, including software developers.  Some of my partners have asked me for guidance on this topic.  Through its Trustworthy Computing (TwC) initiative, Microsoft has made significant investments in updating its software development process to address security vulnerabilities in code, and this effort has permeated the rest of the company.

I've invited some experts to come in and deliver a two-day workshop on Security Development Lifecycle-IT (SDL-IT) and how Microsoft uses this process for its internal line of business applications.  The instructors will detail the milestones of the SDL-IT process and show how threat modeling may be used to define and manage risk in application development.

Register here if you are interested in signing up for this workshop to be held in Mountain View, CA on February 14-15.  If you cannot make it, I've included a set of additional resources in case you are interested in this topic.

Please consider sharing any experience you may have on this topic by posting a comment.  I look forward to hearing from you.

Additional Resources:
Microsoft Security Developer Center
Microsoft Developer Security Resource Kit