August 2009 - Posts
Adam here. I’ve learned to love STRIDE as a framework for thinking about threats, but it makes a lousy classification system. That is, I can look at a system to find information disclosure threats, but once I have an attack that leaks, say, the location
Hi, Bryan here. For any of you that might not have seen the movie Sneakers, I’ll try to not spoil the plot completely for you, but the main storyline revolves around a “little black box” that a scientist has developed that can automatically defeat asymmetric
Hello, Michael here. A word of warning, this is purely an “FYI” post that has very little to do with SDL policy! I get this question, “How do I call various SDL-mandated APIs before my code starts?” about once a month, so I decided to write about it so