March 2008 - Posts
Adam Shostack here. We think of the SDL as a cradle-to-grave process, where we build security into the product from conception until the end of support. One part of that process that doesn't get much attention on this blog is how we engage with vulnerability
Hello everyone, Shawn Hernan here. I used to work on the SDL team, and I might have been a regular contributor to this space, but instead I joined the SQL Server security team. Ralph Hood, Microsoft SDL guru, asked me if I would contribute a post about
Adam Shostack here. Blogger Ian Grigg has an interesting response to my threat modeling blog series, and I wanted to respond to it. In particular, Ian says “I then would prefer to see the threat - property matrix this way:” I wanted
Hi, Ralph Hood here. I should probably take a minute to introduce myself since this is my first official SDL blog post. I’ve been a program manager at Microsoft for almost nine years. In past roles at Microsoft I was the lead program manager for security
Hey everyone, Jeremy Dallman here. One of the phrases I often hear during vision and strategy planning meetings at Microsoft is "What is the crawl, walk, run?" We use this phrase to differentiate the initial activities that will get us quickly moving