SEARCH RESULTS
 
Showing 1-5 of 5 records
1
 
Expand article

Making Threat Modeling Work Better

The Article has images
2007-10-17 00:23:53 by sdl in The Security Development Lifecycle
...redesign, standard mitigations, new mitigations, and risk acceptance. We have training on mitigating threats, we have explanation of why and when to use each (and theyre presented in a preferred order Lastly, we provide advice about how to validate the threat model and its relation to reality Between these four steps and the hamster wheel...
 
Tags: threat, process, process helps ensure, developers threat model, database design process, security, trust boundaries, threat model, security experts
 
 
 
 
Expand article

The New Threat Modeling Process

The Article has images
2007-10-02 01:15:35 by sdl in The Security Development Lifecycle
...Redesign to eliminate threats b. Use standard mitigations, such as those provided by OS features, to mitigate threats c. Invent new mitigations, understanding that this is a subtle art d. Accept risk, when allowed by the SDL 5. Validate There are two levels of validation. The first is within each stage, the second is a validation pass at the...
 
Tags: process, threat, process validation entails, threat model, software process diagram, people, people trust boundaries, love threat, hamster wheel
 
 
 
 
Expand article

Reverse-Engineering Exploits from Patches

2008-04-23 13:35:08 by schneier in Schneier on Security
 
...redesign Windows Update. We propose solutions which prevent several possible schemes, some of which could be done with existing technology Full paper here
 
Tags: exploit, security patch, exploit code, patch, security vulnerability, simply wait, redesign windows, propose solutions, vulnerable hosts
 
 
 
 
Expand article

The web browser is sick but wheres the cure?

2008-08-14 11:11:14 by Burton Group in Security and Risk Management Strategies Blog
 
...redesign that will undoubtedly impact compatibility, the ever-so-desired multi-functionality, or its ease of use. We can layer defenses by using web filtering in the enterprise environment, but in the end for the consumer market in particular we need to fix the browser itself. I can think of a few things I think might help Some kind of site...
 
Tags: browser, web browser, browser appears, web, cure, browser security, content, runs active content, browsers cure
 
 
 
 
Expand article

The web browser is sick ??? but where???s the cure?

2008-08-14 11:11:14 by Burton Group in Security and Risk Management Strategies Blog
 
...redesign that will undoubtedly impact compatibility, the ever-so-desired multi-functionality, or its ease of use. We can layer defenses by using web filtering in the enterprise environment, but in the end ??? for the consumer market in particular ??? we need to fix the browser itself. I can think of a few things I think might help Some kind...
 
Tags: browser, web browser, browser appears, browser security, web, content, runs active content, web page, system controls
 
 
 
 
 
Showing 1-5 of 5 records
1
 
TOP SEARCH
Expand / MinimizeClose Widget
  •  
RECENT SEARCH
Expand / Minimize
  •  
RELATED VIDEO
Expand / Minimize
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia