Welcome to MSDN Blogs Sign in | Join | Help

May 2007 - Posts

Oil Change or Culture Change?
Hello all... Dave here. I have worked on security and privacy initiatives at Microsoft for a number of years, but it wasn’t until I came to the Security Engineering group to work on the Security Development Lifecycle that I realized I don’t actually work Read More...
Posted: Thursday, May 31, 2007 2:35 PM by sdl | 7 Comments
Testing in the SDL
James Whittaker here “You can’t test quality in.” It’s a truism coined long ago and an accepted fact of software development. Yet, for security, testing is arguably the most talked about aspect of the Security Development Lifecycle (SDL). When we get Read More...
Posted: Thursday, May 24, 2007 1:13 PM by sdl | 8 Comments
Blue Hat 5.0
Adam Shostack here. Last week, we held the 5th Blue Hat conference , focused on the “ Paradox of Innovation .” BlueHat is a conference where Microsoft brings applied security researchers to campus to speak to executives and engineers. I have both personal Read More...
Posted: Thursday, May 17, 2007 12:43 PM by sdl | 1 Comments
Privacy is not just about data security
Tina Knutson here... A few years back we integrated privacy into the SDL. Privacy and security often go hand-in-hand, but they are not the same thing. They often have the same objective, but the focus is different. When it comes to customer data, security Read More...
Posted: Thursday, May 10, 2007 10:43 AM by sdl | 5 Comments
Filed under:
Security Education v. Security Training
Dave Ladd here... There has been a lot of hoopla lately around "secure programming skills" – with not-so-thinly veiled condemnations of academicians and the role of the university in addressing the IT security problem. While it’s tempting to view education Read More...
Posted: Wednesday, May 02, 2007 3:57 PM by sdl | 7 Comments
Page view tracker