SEARCH RESULTS
 
Showing 1-10 of 28 records
 
The STRIDE per Element Chart

2007-10-29 23:06:46 by sdl in The Security Development Lifecycle
 
...element chart in the sixth post of my threat modeling series. I'd like to talk about where it's from, some of the issues that come with that heritage, and how you might customize it in your own threat modeling process. Michael Howard and Shawn Hernan did an analysis of our bulletins and some CERT and CVE data. Their goal was to validate work...
 
 
 
 
 
The New Threat Modeling Process

2007-10-02 01:15:35 by sdl in The Security Development Lifecycle
...elements are so important to me. For now, let me describe the process. One of the largest changes that we've made is to a simplified process (and diagram). I like to say that this looks pretty much like every other software process diagram you see today. That's intentional. There's only so much we can expect people to take away from a class, and...
 
 
 
 
 
WPF Layout Tips

2007-12-20 08:38:00 by Keith Brown in Security Briefs
...element how much space it wants, and lays those children out in a wrapped fashion. Here's a simple example with two buttons One Two In the above case, the WrapPanel asks its children how much space they want. The buttons size themselves according to their content (in the example above, the text in each button determines its size). So...
 
 
 
 
 
STRIDE chart

2007-09-11 23:18:00 by sdl in The Security Development Lifecycle
 
...element process. His recent posts are "Threat Modeling, Once Again," "Threat modeling again. Drawing the diagram," "Threat Modeling Again: STRIDE," "Threat modeling again, STRIDE mitigations," "Threat modeling again, what does STRIDE have to do with threat modeling," "Threat modeling again, STRIDE per element," "Threat modeling...
 
 
 
 
 
The C-I-A Triad weighed and found wanting

2007-04-12 04:54:18 by Perry Carpenter in Security Renaissance
...elements. The result is a set of security principles comprised of six elements. The six principles of the Parkerian Hexad are: Confidentiality, Integrity, Availability, Possession, Authenticity, Utility. The principles composing the Parkerian Hexad are non-overlapping; meaning that each principle is absolutely necessary to ensure that security is...
 
 
 
 
 
Metrics and Audience

2008-04-19 09:52:00 by Security Retentive in Security Retentive
 
...element of the SDL contributes to reducing vulnerabilities. A percentage break out on how effective each element is, Training, Threat Modeling, Testing, at reducing vulnerability counts, especially as broken out by design/architecture defects and implementation defects. At the same time, I'm willing to acknowledge that developing these...
 
 
 
 
 
More on the necessity of antivirus software

2007-09-25 17:53:47 by Steve Riley in Steve Riley on Security
 
...element in your suite of defensive technologies to help keep the bad guys at bay. In my post I'm simply explaining a personal tradeoff I've made on my own machines at home --that by not running as admin (which I didn't mention before), by using UAC, by relying on the firewall, and by training my family--I have made the decision not to use...
 
 
 
 
 
Google Changes Privacy Policy

2007-03-15 08:31:00 by Eric Marvets in The Security Samurai
 
...element of the human condition. I hate to imagine the political spectrum in 20 years. If they can find a drunk driving arrest from the 70s now, what will they be able to dig up with your search, email, phone, and financial data at the fingertips of the established power base. Just because we use this data now to optimize search engines or...
 
 
 
 
 
Making Threat Modeling Work Better

2007-10-17 00:23:53 by sdl in The Security Development Lifecycle
...elements of the process. The first is the brainstorming meeting, and the second is the way trust boundaries may be placed. The brainstorming meeting is a mainstay of expert threat modeling. It's pretty simple: you put your security experts in a room with system diagrams and a whiteboard. Usually, you put your system designers in there, and make...
 
 
 
 
 
Links for 2008-01-16 [del.icio.us]

2008-01-17 00:00:00 by Editor in Anton Chuvakin Blog -
 
...element to the traditional approach of deploying applications and services; so much so that in many cases, the business has the potential to realize an opportunity to sidestep IT and Security altogether by being abl Rational Survivability: Security and Disruptive Innovation Part IV: Embracing Disruptive Innovation by Mapping to a Strategic...