Welcome to MSDN Blogs

February 2009 - Posts

SDL Threat Modeling Tool 3.1.4 ships!
Adam here. We’re pleased to announce version 3.1.4 of the SDL Threat Modeling Tool. A big thanks to all our beta testers who reported issues in the forum! In this release, we fixed many bugs, learned that we needed a little more flexibility Read More...
Early Days of the SDL, Part Four
Steve Lipner here. By late 2001, our security teams had been reorganized and I was managing both the Microsoft Security Response Center (MSRC) and the “Secure Windows Initiative” (SWI). MSRC handled Microsoft’s reaction to vulnerabilities and their exploitation, Read More...
Early Days of the SDL, Part Three
Glenn here. It’s easy to look back on a career in software and see the highlights in terms of the big features pushed to meet a customer need, the milestones met, and the products shipped; but one of the highlights of mine was a fairly innocuous off-site Read More...
Early Days of the SDL, Part Two
Hi everyone, Chris Walker here. Prior to the Windows Security Push of February 2002, security testing was rather spotty in the Windows organization. Both the Internet Explorer team and the Internet Information Server (IIS) team had mature efforts oriented Read More...
Early Days of the SDL, Part One
Hi everyone, Michael here. Even though 2001 and 2002 are a distant memory for many people, those years are still fresh in my mind; not because of CodeRed or Nimda, even though I had worked in the IIS team, but because of the important security work we Read More...
SDL War Story Videos
Watch short interviews with Mike Howard and Steve Lipner about the real-life conflicts that led to the creation of the SDL, plus the challenges and successes in implementing it at Microsoft. http://www.microsoft.com/security/bakingsecurityin/video.ht Read More...
One Tool Does not Rule them All
Hello, Michael here... Over the last couple of years, I've released information about various Microsoft product security bugs that required security bulletins to explain why the SDL missed the bugs (if indeed it did) and what defenses came into play (if Read More...
Clickjacking Defense in IE8
Bryan here. The Internet Explorer team released the first public release candidate build of IE8 last week, which includes some very handy new security features I’d like to talk about. Steve and I have both blogged about the IE8 Cross-Site Scripting (XSS) Read More...