SEARCH RESULTS
 
Showing 1-10 of 37 records
 

Is Microsoft's SDL Working?

2008-05-16 11:05:09 by Burton Group in Security and Risk Management Strategies Blog
 
...Microsoft's Security Development Lifecycle (SDL) is the main product of its Trustworthy Computing Initiative, launched from the now-famous Bill Gates memo in 2002. Six years into the initiative, Microsoft surely must be reaping the benefits of, for example, the well-publicized security training every developer went through. So, how do we...
 
 
 
 
 

Microsoft's spy patent can monitor even your heartbeat

2008-01-17 09:40:09 by Editor in Digg / Security
 
Every aspect of computer users' lives, from their heartbeat to a guilty smile, could be monitored and immediately analysed under the futuristic system detailed in Microsoft's patent application. The systems work not only through desktop or laptop computers but even through mobile phones or handheld PCs.
 
 
 
 
 

Show 006 - An Interview with Michael Howard

2006-09-28 20:11:47 by rmacmich in The Silver Bullet Security Podcast
...Microsoft's Security Technology Unit. Michael has been at Microsoft since 1992 and discusses what it has been like watching the company come to grips with software security. Michael continues to play a key role in implementing the Trustworthy Computing Initiative at Microsoft. Gary and Michael also discuss the security features of Windows...
 
 
 
 
 

SDL and Web 2.0

2008-02-28 22:26:00 by sdl in The Security Development Lifecycle
 
...Microsoft's proposed acquisition of Yahoo. George Hulme of InformationWeek wrote a very insightful column about the proposed acquisition and what it would mean for Yahoo's Web 2.0 properties. My favorite quote from this column (probably my favorite quote from anyone's column so far this year): there's still much to do in the [software] industry...
 
 
 
 
 

Show 026 - An Interview with Adam Shostack

2008-05-15 19:17:01 by rmacmich in The Silver Bullet Security Podcast
...Microsoft's Secure Development Lifecycle team who has also worked for Zero Knowledge and Reflective. Gary and Adam discuss how Adam got started in computer security, how art/literature informs Adam's current work, and the main ideas behind Adam's new book The New School of Information Security. They go on to chat about Adam's aversion to the...
 
 
 
 
 

SDL Training

2008-05-29 15:22:00 by sdl in The Security Development Lifecycle
 
...Microsoft's SDL process reflects that reality. The process is structured so that you really do have to look at each piece before you can sign off. But sometimes when others want to emulate the success of the SDL, they want to skip steps. They try to boil the SDL down into its component parts, like training, or tooling, or security response....
 
 
 
 
 

We should all be this bad - Microsoft is dead, long live Microsoft!

2008-07-23 23:57:20 by HASH0x84728bc in StillSecure, After All These Years
 
...Microsoft's best days are behind it and that their corporate grave is already being dug. Google is going to usher in a new age of net centric computing and topple the once and future king. Yeah sure. Don Dodge had a good article up the other day about Microsoft's recent end of FY numbers. The Redmond rockets racked up over 60 billion (yeah with...
 
 
 
 
 

Ask the Auditor: Who is Responsible for Information Security?

2007-12-29 06:24:50 by Editor in Security Links
 
...Microsoft's Security Risk Management Guide 5. The International Systems Security Engineering Association (ISSEA) 6. How to Become an Information Security Professional 7. US Security Awareness - Information Security Auditing 8. The SANS Institute and its SCORE Checklist Project: ISO 17799 9. The Center for Internet Security 10. The Information...
 
 
 
 
 

Show 021 - A Panel Discussion with Cigital's Principals

2007-12-21 20:40:32 by rmacmich in The Silver Bullet Security Podcast
...Microsoft's SDL, and the Security Touchpoints. They also ponder how much the security testing burden should fall on QA and whether developing expertise in architectural risk analysis or threat modeling is more helpful. John Steven also discusses the hole in his dining room, which threat modeling would not have helped to prevent. Transcript of...
 
 
 
 
 

The Trouble with Threat Modeling

2007-09-26 19:11:00 by sdl in The Security Development Lifecycle
 
...Microsoft's product teams analyze the security of their designs by threat modeling. So I'm very concerned about how well we threat model, and how to help folks I work with do it better. I'd like to start that by talking about some of the things that make the design analysis process difficult, then what we've done to address those things. As each...