July 2008 - Posts

What do you want to know about SDL threat modeling?
Adam Shostack here. I'm working on a paper about "Experiences Threat Modeling at Microsoft" for an academic workshop on security modeling. I have some content that I think is pretty good, but I realize that I don't know all the questions that readers Read More...
Improve Security with "A Layer of Hurt"
Hello, Michael here. I got a lot of interesting comments from my TechEd 2008 presentation entitled, "How To Review Your Code And Test For Security Bugs," but the most comments and questions were reserved for fuzz testing; I was blown away by the number Read More...
Wrapping up "Walking" with the SDL
Jeremy Dallman here. Before we move on with our regularly-scheduled programming here at the SDL blog, I wanted to pull all of the “Walking with the SDL” blog posts into a single document to put it all together in another format. You can find that document Read More...
"Walking" with the SDL - Part 4
Jeremy Dallman here with the final piece of my multi-part series on “Walking” with the Security Development Lifecycle (SDL) [Part 1, Part 2, Part 3]. So far I have discussed getting management approval, expanding security training, formalizing security Read More...
"Walking" with the SDL - Part 3
Jeremy Dallman here. This is Part Three in my multi-part series on “Walking” with the Security Development Lifecycle (SDL) [Part 1, Part 2]. So far I have discussed getting management approval and expanding security training. In this post I will discuss Read More...
“Walking” with the SDL – Part 2
Jeremy Dallman here with Part Two in my series on “Walking” with the SDL. In Part One, I provided a snapshot of “Crawling” and discussed getting management approval. In Part Two, I will cover a couple more “Walk” components: expanding security training Read More...
"Walking" with the SDL - Part 1
Jeremy Dallman here. Back in March I wrote a post about “Crawling” Toward SDL. I used the imagery of learning to “crawl, walk and run” as a way to provide some basic starting points that would move your organization toward implementing a version of Microsoft’s Read More...
New SDL Website
Hi all, Dave here… I’m pleased to announce the availability of new resources for the Microsoft Security Development Lifecycle (SDL). We have recently launched a dedicated SDL website at www.microsoft.com/sdl. This website will serve as the main online Read More...