SecurityRatty: tag: threat

Threat Modeling at Microsoft

2008-10-13 06:21:53 by schneier in Schneier on Security

...threat modeling products and services at Microsoft. Describes the current threat modeling methodology used in the Security Development Lifecycle. The methodology is a practical approach, usable by non-experts, centered on data ow diagrams and a threat enumeration technique of 'STRIDE per element.' The paper covers some lessons learned which...

Tags: paper, paper closes, security analysis techniques, paper covers, threat enumeration technique, security development lifecycle, microsoft, experience threat, current threat

The Trouble with Threat Modeling

2007-09-26 19:11:00 by sdl in The Security Development Lifecycle

...threat modeling. So Im very concerned about how well we threat model, and how to help folks I work with do it better. Id like to start that by talking about some of the things that make the design analysis process difficult, then what weve done to address those things. As each team starts a new product cycle, they have to decide how much time...

Tags: threat, threat models, threat model, reasons threat, service threat, term threat, threat effectively, playsound threat model, development process

Wrapping up Threat Modeling

2008-02-14 22:51:35 by sdl in The Security Development Lifecycle

...threat modeling blog posts process is that it can seem interminable. And so, in this final post, Id like to offer up some final thoughts on language, and cognitive load Specification versus Analysis When Larry Osterman was writing about threat modeling , he casually tossed out A threat model is a specification, just like your functional...

Tags: threat, threat modelers, threat models, threat model, design, design specification, specification, set, challenges set people

Getting into the Flow With Threat Modeling

2007-10-11 23:25:00 by sdl in The Security Development Lifecycle

...threat modeling. In this post, I want to explain one of the lenses that seemed to help us focus threat modeling, and how Ive applied it The concept of flow originated with Mihaly Csikszentmihalyi. It refers to a state where people are energetically involved with what theyre doing. Seeing this a few times during threat modeling sessions made...

Tags: threat, people develop skills, people, challenge people, flow, sdl threat, entire threat model, threat model, guide people

The New Threat Modeling Process

2007-10-02 01:15:35 by sdl in The Security Development Lifecycle

...threat modeling process. To summarize, what Ive tried to achieve in changing the process is to simplify, prescribe, and offer self-checks. Ill talk in the next post about why those three elements are so important to me. For now, let me describe the process One of the largest changes that weve made is to a simplified process (and diagram). I...

Tags: process, threat, process validation entails, threat model, software process diagram, people, people trust boundaries, love threat, hamster wheel

SDL Threat Modeling: Past, Present and Future

2008-06-17 21:59:50 by sdl in The Security Development Lifecycle

...Threat Modeling: Past, Present and Future There are a few points that I wanted to emphasize. The first is that I'm talking about threat modeling from the perspective of the SDL. We have other threat modeling processes here at Microsoft, and we're working to bring you more clarity in how we speak about them. For my part, I'll try to clearly...

Tags: sdl threat, sdl, threat, slides, lots, conference link, future, past, address

Making Threat Modeling Work Better

2007-10-17 00:23:53 by sdl in The Security Development Lifecycle

...threat modeling series. This post is a little less philosophical and a lot more prescriptive than the one about flow. It explains exactly how and why I changed a couple of elements of the process. The first is the brainstorming meeting, and the second is the way trust boundaries may be placed The brainstorming meeting is a mainstay of expert...

Tags: threat, process, process helps ensure, developers threat model, database design process, security, trust boundaries, threat model, security experts

Learn from the latest Internet Security Threat Report update

2008-04-17 13:00:00 by Editor in Computerworld Security News

...Threat Report Volume XIII. This newly released issue covers the six-month period from July 1 to December 31, 2007 This webcast summary of the Internet Security Threat Report will Provide a six month update of worldwide Internet threat activity, including analysis of network-based attacks, a review of known vulnerabilities, and highlights of...

Tags: webcast, webcast summary, malicious code reports, malicious code, free webcast, trends, current trends, data, internet threat data

Threat Modeling Self Checks and Rules of Thumb

2007-10-22 21:04:01 by sdl in The Security Development Lifecycle

...threat modeling series In my last post, I talked about how almost everyone in software draws on whiteboards regularly, and this makes it an ideal first step. Its an ideal first step because everyone can do it, see that theyve done it, and feel like theyre making progress That wasnt quite complete. Not only do we want people to see that theyve...

Tags: thumb, threat, rules, people threat, data, people, data sinks, thumb encourage flow, actual software

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo