Microsoft Application Threat Modeling Blog

I just posted a blog entry on the main drivers behind CTL in TAM v3.0. You can check it out at IST...

Date: 07/30/2009

I am excited to say that Threat Analysis and Modeling (TAM) 3.0 Beta is now live on download center....

Date: 07/23/2009

Last time we briefly talked about releasing TAM v3.0 this year. With each week we’re inching closer...

Date: 07/20/2009

Been a little quiet lately on TAM related news but head over to Channel9 to hear RV talk about...

Date: 06/30/2009

My colleague Mark Curphey made available a chapter he wrote for a recently released security book. I...

Date: 06/26/2009

Tax Season! I came across a scenario that I wanted to share… Scenario: You have some tax application...

Date: 03/17/2009

Very excited to announce that the SDL folks have released v3.1.4 of the SDL Threat Modeling Tool, as...

Date: 03/03/2009

Continuing our work to share the tools and techniques we use internally to maintain a secure...

Date: 12/15/2008

We're really excited that our colleagues over in the SDL team have released a beta of their threat...

Date: 11/20/2008

Even though this blog’s focus has always been the ACE Threat Modeling tool and methodology which is...

Date: 09/19/2008

Great post by my friend and colleague around threat modeling in a series he's doing on application...

Date: 06/18/2008

Threat Modeling is one those ‘sciences’ that is just now starting to gel into something...

Date: 05/29/2008

Threat Modeling is no longer the obscure magic is used to be. With the creation of tools like the...

Date: 05/22/2008

An awesome site to check out which also includes virtual labs you can leverage for secure coding!...

Date: 05/05/2008

One of the most frequent questions we get is that someone is using a technology that is not listed...

Date: 03/17/2008

Raffaele Rialdi, a Microsoft Developer Security MVP, sits down with Lori Grosland at TechEd ATE in...

Date: 02/18/2008

IEEE paper on the TAM tool. "Ford Motor Company is currently introducing threat modeling on...

Date: 01/08/2008

There is a discussion I had recently with a few folks over email around threat modeling that I...

Date: 10/30/2007

Mark Curphey (newest member of ACE) recently did a post on a set of tools we have in our portfolio...

Date: 10/25/2007

I've talked about threat modeling being one part of the overall information security puzzle... there...

Date: 10/23/2007

A common challenge for folks looking at threat modeling as a control to potentially help them secure...

Date: 08/27/2007

Threat profile is a very interesting concept that identifies the complete set of threats in a given...

Date: 06/19/2007

How can I get a great and secure product without killing myself? This is not just a question for...

Date: 06/18/2007

In the past we have been relying on the web browser to provide/restrict the user interface for...

Date: 06/18/2007

I recently did a TechNet webcast to talk about how Microsoft IT Manages Security Knowledge for...

Date: 05/18/2007

The new build contains a few fixes including one for problem that caused the threat model documents...

Date: 04/04/2007

Some tips to work with Threat Analysis and Modeling Tool, these could be useful specially when...

Date: 02/18/2007

Threat Analysis and Modeling contains lot of shortcuts for the most used functionality in the tool....

Date: 02/12/2007

The new version of th tool can be downloaded from https://go.microsoft.com/fwlink?linkid=77002. New...

Date: 02/09/2007

[UDPATE] Auto-Save feature does not work as expected, this feature might give you errors and...

Date: 01/31/2007

I did an interview a while back on Channel9 on our threat modeling tool and process... it went up a...

Date: 12/18/2006

[UDPATE] The download is now live. [UPDATE] Please send feedback & feature requests to...

Date: 11/30/2006

TAM v2.1 introduces a new security model for the plug-in under which the behavior of the plug-in can...

Date: 10/30/2006

ACE Team is on Channel9. This is the 1st part of the interview (there is a part on the TM tool as...

Date: 10/25/2006

TAM v2.1 supports multiple risk measurement techniques by allowing the user to specify a plug-in to...

Date: 10/12/2006

As business process automation started to take hold in the early 1990s, organizations began to...

Date: 10/04/2006

As a part of the MSDN Security on the Brain Series of Conferences, there is a virtual conference on...

Date: 09/20/2006

Talhah has been blogging about Knowledge management and translation and some other stuff that nicely...

Date: 08/31/2006

Threat Analysis and Modeling Tool (TAM) tool uses a interface to provide risk measurement plug-in...

Date: 08/30/2006

We’ve been getting a lot of queries around the drop-downs in the TAM tool to define things like...

Date: 08/17/2006

The other day I was talking to someone about the next big project we’re working on around risk...

Date: 08/15/2006

How many times have you tried to preach software security only to have someone ask you to show the...

Date: 08/10/2006

Well, I joined the Microsoft ACE Team in May 2006. Having seen the Threat Modeling tool from the...

Date: 07/25/2006

RTM version of the Threat Analysis and Modeling Tool v2.0 is now available here. Thank you for using...

Date: 07/06/2006

[Update] RC2 is live now and can be download from here, we had some technical difficulties earlier....

Date: 06/28/2006

We’re on track and got done with RC2 as of Friday and have released it internally. We’re not...

Date: 06/18/2006

Rocky's got a great video on assembly hijacking here (see "Presentation Videos" on left-hand side)....

Date: 05/26/2006

RC1 of the Threat Analysis & Modeling v2.0 is available for download here. Aside from bug fixes...

Date: 05/22/2006

The ACE Team is hiring... check out this post. -Talhah

Date: 04/22/2006

Mark Groves, one the of PMs on the Visual Studio Team System for Software Architects (VSTESA) team...

Date: 04/17/2006

Next>