Microsoft hosts OEM partners for a crash-course in SDL (Day One)

Published 07 November 06 10:31 PM

As part of our ongoing SDL efforts, we are hosting a 2.5-day event here in Redmond for our OEM partners – over 50 senior technical experts from the biggest names in the computer industry. Out of respect for our partners I won’t name names, but the “usual suspects” are in attendance. There was also representation from the chipset manufacturers and hardware component suppliers to the OEMs. The discussions are technical and, to their credit, the participating companies sent their “A teams” to learn about the SDL process and how they can use it within their organizations.

We are presenting the same content that we give to our own engineers on a variety of SDL topics. Matt Thomlinson provided the opening remarks and some historical context around the security efforts at Microsoft. Shawn Hernan provided the actual “introduction” to the SDL – explaining the process: what we do, why we do it, and data showing our results to date. After that, Adam Shostack presented an in-depth session on Threat Modeling – an integral part of the SDL. I taught a lively 3-hr session on Secure Coding (go figure!) and we ended the day with a talk by Dan Kaminsky of IOActive on the “hacker viewpoint” – essentially a discussion of the Vista security efforts and his views on the next targets of opportunity for the hacker community. All in all it was a great first day – lucid questions and insightful feedback.

Tomorrow we move into testing and verification – James Whittaker leads off on Security Testing followed by Bill Shihara talking about security tools.  Should be good!


Comments

# Dragan Pleskonjic said on November 8, 2006 3:10 PM:

I'm just reading your book "The Security Development Lifecycle". Do you plan any similar SDL course or training for other software development companies?

# Anonymous said on November 9, 2006 12:50 AM:

Interesting course. Are you going to host the same course in the future? What's the process for enrolling in this course?

# Security Curve Weblog said on November 9, 2006 2:42 PM:

If you follow the same blogs that I do, you're probably already aware of the fact that Microsoft is hosting a series of discussions with their OEM partners about the SDL (Security Development Lifecycle.) First of all, let me say that I'm seriously jealous

# Michael Howard's Web Log said on December 6, 2006 1:20 AM:

As I mentioned in a previous series of posts, we recently had all the major OEMs on campus to discuss

# Michael Howard's Web Log said on April 17, 2007 1:24 AM:

At the end of June my family and I are moving to Austin, Texas. I’ll still be doing a lot of the same

# The Security Development Lifecycle said on June 14, 2007 6:13 PM:

Hi – Dave here. If you have read Michael Howard’s blog for a while, you may recall that our team held
