http://blogs.msdn.com/sdl/archive/2007/05/31/oil-change-or-culture-change.aspxHello all... Dave here. I have worked on security and privacy initiatives at Microsoft for a number of years, but it wasn’t until I came to the Security Engineering group to work on the Security Development Lifecycle that I realized I don’t actually worken-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/sdl/archive/2007/05/31/oil-change-or-culture-change.aspx#3017842Fri, 01 Jun 2007 07:10:24 GMT91d46819-8472-40ad-a661-2c78acb4018c:3017842Michael Howard's Web Log<p>Dave Ladd has just posted a very interesting and thought provoking post over on the SDL blog: <a rel="nofollow" target="_new" href="http://blogs.msdn.com/sdl/archive/2007/05/31/oil-change-or-culture-change.asp">http://blogs.msdn.com/sdl/archive/2007/05/31/oil-change-or-culture-change.asp</a></p> http://blogs.msdn.com/sdl/archive/2007/05/31/oil-change-or-culture-change.aspx#3022631Fri, 01 Jun 2007 13:52:26 GMT91d46819-8472-40ad-a661-2c78acb4018c:3022631Rory.Blog<p>The Security Development Lifecycle : Oil Change or Culture Change? Really interesting point here on the Microsoft SDL blog about executive buy-in being critical to getting focus on security. I think that it actually applies to pretty much all security..</p> http://blogs.msdn.com/sdl/archive/2007/05/31/oil-change-or-culture-change.aspx#3053819Sun, 03 Jun 2007 07:05:07 GMT91d46819-8472-40ad-a661-2c78acb4018c:3053819asteingruebl<p>Dave,</p> <p>Great entry. &nbsp;I've been thinking about this in my own job and how the vast majority of what I'm doing in building my own program in this area is affecting culture change.</p> <p>On the root causes of the problem I think I'll throw in a third and its the general culture of software development vs. software engineering. &nbsp;I wrote a little more about it on my blog:</p> <p><a rel="nofollow" target="_new" href="http://securityretentive.blogspot.com/2007/06/more-thoughts-on-training.html">http://securityretentive.blogspot.com/2007/06/more-thoughts-on-training.html</a></p> http://blogs.msdn.com/sdl/archive/2007/05/31/oil-change-or-culture-change.aspx#3237799Tue, 12 Jun 2007 02:21:04 GMT91d46819-8472-40ad-a661-2c78acb4018c:3237799mattmurphy531<p>Not only does security awareness stop &quot;cold&quot; at the exec level, it's often like hitting a brick wall. &nbsp;To say it stops doesn't do justice to the problem, because when it *does* stop, it can completely derail an otherwise very effective process. &nbsp;If your priority and the CEO's priority conflict, your priority is functionally non-existent.</p> http://blogs.msdn.com/sdl/archive/2007/05/31/oil-change-or-culture-change.aspx#3520382Mon, 25 Jun 2007 17:15:22 GMT91d46819-8472-40ad-a661-2c78acb4018c:3520382MSDN Ireland Blog<p>a {color : #0033CC;} a:link {color: #0033CC;} a:visited.local {color: #0033CC;} a:visited {color : #800080;}</p> http://blogs.msdn.com/sdl/archive/2007/05/31/oil-change-or-culture-change.aspx#8373347Thu, 10 Apr 2008 00:45:34 GMT91d46819-8472-40ad-a661-2c78acb4018c:8373347The Security Development Lifecycle<p>Hello all – Dave here… I am currently at RSA and decided to take a few moments to blog about some updates</p> http://blogs.msdn.com/sdl/archive/2007/05/31/oil-change-or-culture-change.aspx#8762040Mon, 21 Jul 2008 20:01:15 GMT91d46819-8472-40ad-a661-2c78acb4018c:8762040The Security Development Lifecycle<p>Jeremy Dallman here with Part Two in my series on “Walking” with the SDL. In Part One , I provided a</p>