Welcome to MSDN Blogs Sign in | Join | Help

News

September 2007 - Posts

The Trouble with Threat Modeling
Adam Shostack here. I said recently that I wanted to talk more about what I do. The core of what I do is help Microsoft’s product teams analyze the security of their designs by threat modeling. So I’m very concerned about how well we threat model, and Read More...
Posted: Wednesday, September 26, 2007 12:11 PM by sdl | 5 Comments
Filed under: ,
Fuzz Testing at Microsoft and the Triage Process
Scott Lambert here. I work on the Security Engineering Tools team where we're responsible for researching, developing and publishing tools to internal product and service teams. These include fuzzing, binary analysis and attack surface analysis tools. Read More...
Posted: Thursday, September 20, 2007 11:52 AM by sdl | 3 Comments
IATAC and SDL
Hello all - Dave here... Booz Allen Hamilton recently released a State-of-the-Art Report (SOAR) on Software Security Assurance on behalf of the Information Assurance Technology Analysis Center (IATAC); an analysis and consulting group sponsored by the Read More...
Posted: Thursday, September 13, 2007 8:09 PM by sdl | 1 Comments
STRIDE chart
Adam Shostack here. I've been meaning to talk more about what I actually do, which is help the teams within Microsoft who are threat modeling (for our boxed software) to do their jobs better. Better means faster, cheaper or more effectively. There are Read More...
Posted: Tuesday, September 11, 2007 4:18 PM by sdl | 1 Comments
Page view tracker