March 2009 - Posts
Adam here again. I wanted to expand on that last post a little. One of the core elements of the SDL is to bring together security experts and developers. To get those communities to mix, we need to look for all the insights we
Read More...
Adam Shostack here. I recently posted an article on my non-MS blog talking about some of the thinking which went into our threat modeling re-design. (It made sense as part of a series of posts there.) I wanted to tie the ideas in it
Read More...
Steve Lipner here. Last fall, I spent a half-day discussing the SDL with Gary McGraw and Sammy Migues of Cigital, and Brian Chess of Fortify. The three of them were on a whirlwind tour of software security teams across the IT industry with the objective
Read More...
Adam Shostack here. Forrester Research just released a report on threat modeling and the SDL. We're really excited to see this report affirming a critical component of the SDL, our approach to threat modeling and supporting tools. Forrester characterizes
Read More...
Hi all – Dave here… This past month marked the five year anniversary of the implementation of the SDL here at Microsoft. To mark that occasion, we had a recent series of posts from security veterans from those days as well as a couple of SDL War Story
Read More...
Hi everyone, Bryan here. RSA Conference is hosting a series of “encore” webcasts of popular presentations from past years, and I’m happy to announce that my 2008 session on Ajax Security (originally presented with Billy Hoffman of HP) was chosen for the
Read More...