SEARCH RESULTS

SDL and Filtering

2008-03-13 15:00:00 by sdl in The Security Development Lifecycle
 
...SDL blog post. I've been a program manager at Microsoft for almost nine years. In past roles at Microsoft I was the lead program manager for security response in the Windows Sustained Engineering group, and in my last role I was a project manager in the Microsoft Auto group that partnered with Ford Motor Company to create the SYNC device. I...

Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...SDL hardens Microsoft products, we are seeing attackers move elsewhere. Third, I like to think about how the SDL might have caught the bugs. There is always a chance to learn from these occurrences, and we sometimes make tweaks to the SDL after vulnerabilities are discovered on other platforms or third-party code. And because the SDL is far...

More trustworthy election systems via SDL?

2008-02-04 23:34:00 by sdl in The Security Development Lifecycle
 
...SDL could help contribute towards society's need for trustworthy computing in a very visible and important application. Let's start with the Source Code Review of the Sequoia Voting System. Two examples from the executive summary are interesting: Cryptography. Many cryptographic functions are implemented incorrectly, based on weak algorithms...

Is Microsoft's SDL Working?

2008-05-16 11:05:09 by Burton Group in Security and Risk Management Strategies Blog
 
...SDL) is the main product of its Trustworthy Computing Initiative, launched from the now-famous Bill Gates memo in 2002. Six years into the initiative, Microsoft surely must be reaping the benefits of, for example, the well-publicized security training every developer went through. So, how do we determine whether the SDL is working? Microsoft...

"Crawling" Toward SDL

2008-03-06 22:13:00 by sdl in The Security Development Lifecycle
 
...SDL into their development lifecycles, this "crawl" phase toward full adoption of SDL is very important. Usually some person in an organization picks up on the principles of SDL and is ready to roll them out immediately. However, that person usually is faced with competing interests that complicate full adoption: the team is mid-stream in...

Microsoft SDL Process in detail

2008-04-09 19:13:00 by sdl in The Security Development Lifecycle
 
...SDL and I think we have done a reasonably good job. Michael Howard has written some pretty interesting pieces on a wide variety of subjects; bug post-mortems, philosophical notes and the like. Adam Shostack did a fabulous job on the threat modeling series; Eric Bidstrup took a deeper look at the perceived vs. real benefits of the Common...

SDL and Web 2.0

2008-02-28 22:26:00 by sdl in The Security Development Lifecycle
 
...SDL, but what exactly does the SDL have to say about Web 2.0 development? To answer this question, let's take a look at a couple of security issues that affect Web 2.0 applications and then dive into the corresponding SDL requirements. Many Web 2.0 applications allow their end users to build and contribute to the application. Think about social...

SDL Training

2008-05-29 15:22:00 by sdl in The Security Development Lifecycle
 
...SDL process reflects that reality. The process is structured so that you really do have to look at each piece before you can sign off. But sometimes when others want to emulate the success of the SDL, they want to skip steps. They try to boil the SDL down into its component parts, like training, or tooling, or security response. Maybe the...

Visit the New SDL (Security Development Lifecycle) Web Site

2008-06-20 00:08:18 by jrjones in Jeff Jones Security Blog
 
...SDL) web site went up earlier this month on microsoft.com. Amazingly, you can navigate to it via http://www.microsoft.com/sdl, instead of some long name you'd never remember. Of course, once you navigate to that URL, you get redirected to a long url that you'll never remember that is on the MSDN subsite, which is encouraging when you think...