April 2008 - Posts
Ralph here, I wanted to let everyone know that Crispin Cowan has just started his own blog. Keep an eye on it for some great posts in the future.
Adam Shostack here. I spoke at Toorcon this past weekend on "SDL Threat Modeling: Past, Present and Future." I wanted to share my slides to help clarify a bit about where SDL threat modeling is and why, and a bit about where we're going. (Click on the
Hello, Michael here. A colleague sent me a link to a blog post from a couple of days ago: Pete Lindstrom of Burton Group blogged that Microsoft's SDL has Saved the World!! raising concerns about Microsoft using vulnerability counts as a means to measure
Hi folks, Eric Bidstrup here. Last week at RSA, Microsoft Chief Research and Strategy Officer Craig Mundie spoke and outlined a proposed vision for “End to End Trust.” Much has and will be written on that, and additional information and discussions can
Hello all – Dave here… I am currently at RSA and decided to take a few moments to blog about some updates to the Security Development Lifecycle. Admittedly, I have been “radio silent” on the blog for a while – for those that know me, that’s usually a warning
Hi everyone, Bryan Sullivan here. Here’s a quiz for you. Quick, tell me what page the following URL is going to take you to: http://www.somebank.com/welcome.aspx?p=http%3A%2F%2Fwww.somebank.com%2Flogin.aspx If you answered “www.somebank.com/welcome.aspx”,