SEARCH RESULTS
 
Showing 1-10 of 76 records
 
SDL and Filtering

2008-03-13 15:00:00 by sdl in The Security Development Lifecycle
 
...SDL blog post. I've been a program manager at Microsoft for almost nine years. In past roles at Microsoft I was the lead program manager for security response in the Windows Sustained Engineering group, and in my last role I was a project manager in the Microsoft Auto group that partnered with Ford Motor Company to create the SYNC device. I...
 
 
 
 
 
SDL Announcements at TechEd EMEA

2008-11-10 22:25:00 by sdl in The Security Development Lifecycle
 
...SDL Optimization Model, SDL Pro Network and the Microsoft SDL Threat Modeling Tool Beta! For those of you who are unaware of these initiatives, here's a description of each. SDL Optimization Model: The SDL Optimization Model was created to facilitate gradual, consistent and cost-effective implementation of the SDL in development organizations...
 
 
 
 
 
MS08-067 and the SDL

2008-10-23 01:09:00 by sdl in The Security Development Lifecycle
 
...SDL. Before I get into some of the details, it's important to understand that the SDL is designed as a multi-pronged security process to help systemically reduce security vulnerabilities. In theory, if one facet of the SDL process fails to prevent or catch a bug, then some other facet should prevent or catch the bug. The SDL also mandates the...
 
 
 
 
 
"Walking" with the SDL - Part 1

2008-07-18 16:55:00 by sdl in The Security Development Lifecycle
 
...SDL. I used the imagery of learning to crawl, walk and run as a way to provide some basic starting points that would move your organization toward implementing a version of Microsoft's Security Development Lifecycle (SDL). In this series I am going to talk about Walking with the SDL. Walking is the point where your security development...
 
 
 
 
 
About the SDL Pro Network

2008-09-19 03:12:00 by sdl in The Security Development Lifecycle
 
...SDL Threat Modeling Tool 3.0, the SDL Optimization Model and the SDL Pro Network. Since I was intimately involved with the creation of the SDL Pro Network, I thought I'd write a few words about our objectives and chat a bit about the thinking behind our partner choices for the pilot phase. So, what are we hoping to gain by creating a network...
 
 
 
 
 
Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...SDL hardens Microsoft products, we are seeing attackers move elsewhere. Third, I like to think about how the SDL might have caught the bugs. There is always a chance to learn from these occurrences, and we sometimes make tweaks to the SDL after vulnerabilities are discovered on other platforms or third-party code. And because the SDL is far...
 
 
 
 
 
More trustworthy election systems via SDL?

2008-02-04 23:34:00 by sdl in The Security Development Lifecycle
 
...SDL could help contribute towards society's need for trustworthy computing in a very visible and important application. Let's start with the Source Code Review of the Sequoia Voting System. Two examples from the executive summary are interesting. Cryptography. Many cryptographic functions are implemented incorrectly, based on weak algorithms...
 
 
 
 
 
Is Microsoft's SDL Working?

2008-05-16 11:05:09 by Burton Group in Security and Risk Management Strategies Blog
 
...SDL) is the main product of its Trustworthy Computing Initiative, launched from the now-famous Bill Gates memo in 2002. Six years into the initiative, Microsoft surely must be reaping the benefits of, for example, the well-publicized security training every developer went through. So, how do we determine whether the SDL is working? Microsoft...
 
 
 
 
 
"Crawling" Toward SDL

2008-03-06 22:13:00 by sdl in The Security Development Lifecycle
 
...SDL into their development lifecycles, this "crawl" phase toward full adoption of SDL is very important. Usually some person in an organization picks up on the principles of SDL and is ready to roll them out immediately. However, that person usually is faced with competing interests that complicate full adoption: the team is mid-stream in...