Browse by Tags
All Tags »
threat modeling »
SDL (RSS)
Sorry, but there are no more tags available to filter with.
Hi, this week is a post from Michael Howard and Laura Machado de Wright, who both attended and presented at TechEd 2008 in Orlando the week of June 2 nd . First up is Laura. I have been a Security Program Manager for the last 3 years, working as a security
Read More...
Adam again. I hope you’re still enjoying this as we hit #5 in the threat modeling series. In my last post, I talked about how almost everyone in software draws on whiteboards regularly, and this makes it an ideal first step. It’s an ideal
Read More...
Adam Shostack here, with part four of my threat modeling series. This post is a little less philosophical and a lot more prescriptive than the one about flow. It explains exactly how and why I changed a couple of elements of the process. The first is
Read More...
Adam Shostack again, with the third in our series on threat modeling. In this post, I want to explain one of the ‘lenses’ that seemed to help us focus threat modeling, and how I’ve applied it. The concept of flow originated with Mihaly Csikszentmihalyi.
Read More...
Adam Shostack here, with the second post in my series on the evolved threat modeling process. To summarize, what I’ve tried to achieve in changing the process is to simplify, prescribe, and offer self-checks. I’ll talk in the next post about
Read More...
Adam Shostack here. I said recently that I wanted to talk more about what I do. The core of what I do is help Microsoft’s product teams analyze the security of their designs by threat modeling. So I’m very concerned about how well we threat model, and
Read More...
