SEARCH RESULTS
 
Showing 1-10 of 25 records
 

About the SDL Pro Network

2008-09-19 03:12:00 by sdl in The Security Development Lifecycle
 
Hello all, Dave here. I expect that a number of you have seen the announcement and various press articles or Steve Lipner's Tuesday post about our launch of the SDL Threat Modeling Tool 3.0, the SDL Optimization Model and the SDL Pro Network. Since I was intimately involved with the creation of the SDL Pro Network, I thought I'd write a few...
 
 
 
 
 

Is Microsoft's SDL Working?

2008-05-16 11:05:09 by Burton Group in Security and Risk Management Strategies Blog
 
Blogger: Pete Lindstrom. Microsoft's Security Development Lifecycle (SDL) is the main product of its Trustworthy Computing Initiative, launched from the now-famous Bill Gates memo in 2002. Six years into the initiative, Microsoft surely must be reaping the benefits of, for example, the well-publicized security training every developer went...
 
 
 
 
 
 
 
 
 
 

"Crawling" Toward SDL

2008-03-06 22:13:00 by sdl in The Security Development Lifecycle
 
Hey everyone, Jeremy Dallman here. One of the phrases I often hear during vision and strategy planning meetings at Microsoft is "What is the crawl, walk, run?" We use this phrase to differentiate the initial activities that will get us quickly moving toward our larger goals and then supplement them with other activities that may require longer...
 
 
 
 
 

New SDL Website

2008-07-10 21:47:00 by sdl in The Security Development Lifecycle
 
Hi all, Dave here. I'm pleased to announce the availability of new resources for the Microsoft Security Development Lifecycle (SDL). We have recently launched a dedicated SDL website at www.microsoft.com/sdl. This website will serve as the main online presence for all SDL related communications and resources from Microsoft. For several years now the...
 
 
 
 
 

"Walking" with the SDL - Part 4

2008-07-25 20:49:00 by sdl in The Security Development Lifecycle
 
Jeremy Dallman here with the final piece of my multi-part series on Walking with the Security Development Lifecycle (SDL) [Part 1, Part 2, Part 3]. So far I have discussed getting management approval, expanding security training, formalizing security requirements and effective ways to reuse your threat model or attack surface review data. In...
 
 
 
 
 

SDL Press Tour Announcements

2008-09-16 16:04:00 by sdl in The Security Development Lifecycle
 
Steve Lipner here. Last week I participated in a press tour talking to press and analysts about the evolution of the SDL. Most of our past discussions with press and analysts have centered on folks who follow security, but this time we also spoke with publications and analysts who write for software development organizations. I was struck by the...
 
 
 
 
 

SDL and "End to End Trust"

2008-04-17 00:15:00 by sdl in The Security Development Lifecycle
 
Hi folks, Eric Bidstrup here. Last week at RSA, Microsoft Chief Research and Strategy Officer Craig Mundie spoke and outlined a proposed vision for End to End Trust. Much has and will be written on that, and additional information and discussions can be found at the End to End Trust portal http://www.microsoft.com/endtoendtrust. In many ways,...
 
 
 
 
 

SDL Threat Modeling @ ToorCon

2008-04-24 23:30:00 by sdl in The Security Development Lifecycle
 
Adam Shostack here. I spoke at Toorcon this past weekend on "SDL Threat Modeling: Past, Present and Future." I wanted to share my slides to help clarify a bit about where SDL threat modeling is and why, and a bit about where we're going. Click on the post title, and you'll see an attachment in the per-post page.
 
 
 
 
 

Oh No! Security Metrics!

2008-04-18 12:43:00 by sdl in The Security Development Lifecycle
 
Hello, Michael here. A colleague sent me a link to a blog post from a couple of days ago: Pete Lindstrom of Burton Group blogged that Microsoft's SDL has Saved the World!! raising concerns about Microsoft using vulnerability counts as a means to measure security improvement resulting from the SDL. I've raised this topic before, in my blog post The...