SEARCH RESULTS
 
Showing 1-10 of 269 records
 

Shimel's rules of business development and negotiating - Keep your eye on the prize

2008-06-13 12:39:00 by HASH0x8b0a484 in StillSecure, After All These Years
 
...development. The biz dev role is something I have done for a long time for several companies. Having a decent grasp of technology, insight into business and my legal training have helped me to conclude many successful business deals over the many years I have been at it. Over the years I have also had the opportunity to work with many good...
 
 
 
 
 

Visit the New SDL (Security Development Lifecycle) Web Site

2008-06-20 00:08:18 by jrjones in Jeff Jones Security Blog
...Development Lifecycle (SDL) web site went up earlier this month on microsoft.com. Amazingly, you can navigate to it via http://www.microsoft.com/sdl , instead of some long name you'd never remember. Of course, once you navigate to that URL, you get redirected to a long URL that you'll never remember that is on the MSDN subsite, which is...
 
 
 
 
 

Shimel's rules of business development and negotiating - Keep your eye on the prize

2008-06-13 13:39:00 by ashimmy in StillSecure, After All These Years
 
...development. The biz dev role is something I have done for a long time for several companies. Having a decent grasp of technology, insight into business and my legal training have helped me to conclude many successful business deals over the many years I have been at it. Over the years I have also had the opportunity to work with many good...
 
 
 
 
 

Yet another benefit of executive support for SDL...

2007-11-15 23:04:00 by sdl in The Security Development Lifecycle
 
...development efforts even more. As we have alluded to many times in the past, our success with the SDL has been predicated on a number of factors - however I'd like to focus on one very important factor - namely executive support for the work that we do. One could argue that the support we receive from executive management is borne out of...
 
 
 
 
 

Walking with the SDL Part 2

2008-07-21 16:56:00 by sdl in The Security Development Lifecycle
 
...Development Lifecycle (SDL). Walking is the point where your security development practices become a lifecycle - a repeatable, reusable process that makes security a part of your development culture. To relate the analogy to SDL a bit more closely, think of crawling as the SD in SDL. For this post, we'll continue to talk about walking or adding...
 
 
 
 
 

"Walking" with the SDL - Part 1

2008-07-18 16:55:00 by sdl in The Security Development Lifecycle
 
...Development Lifecycle (SDL). In this series I am going to talk about Walking with the SDL. Walking is the point where your security development practices become a lifecycle - a repeatable, mostly reusable process that makes security a part of your development culture. To relate the analogy to SDL a bit more closely, think of crawling as the SD in...
 
 
 
 
 

"Walking" with the SDL - Part 4

2008-07-25 20:49:00 by sdl in The Security Development Lifecycle
 
...Development Lifecycle (SDL) [ Part 1 , Part 2 , Part 3 ]. So far I have discussed getting management approval, expanding security training, formalizing security requirements and effective ways to reuse your threat model or attack surface review data. In this post, I will wrap up with a look into setting up final security reviews and managing...
 
 
 
 
 

Microsoft SDL Process in detail

2008-04-09 19:13:00 by sdl in The Security Development Lifecycle
 
...Development Lifecycle. Admittedly, I have been radio silent on the blog for a while - for those that know me, that's usually a warning signal that I am cooking something up. Anyway, back when we first started this blog we promised that you would see more about the particulars of the SDL and I think we have done a reasonably good job. Michael...
 
 
 
 
 

Getting vulnerabilities in the application fixed

2007-10-27 13:20:07 by RaviC in Musings on Information Security
 
...development manager gets away by using the busy excuse. One approach that I suggest you could is to rank the vulnerabilities based on "severity" (how bad if the vulnerability is exploited) and "threat" (how likely the vulnerability exploit is) and communicate this list to the software development team. Give the software development manager...