For Microsoft, the first inhouse documenting of Threat Modeling took place all the way back in 1999 via “Threats to our software” authored by Jason Garms, Praerit Garg and Michael Howard. With time, the methodology evolved and culminated with the introduction of the Security Development Lifecycle. Threat ... |
9 October 2008
07:44 GMT |
 |
|
If you think that the Secure Development Lifecycle over at Microsoft is just a model for building software products designed to offer the highest possible level of user protection by default, then you should know that there is more than meets the eye. The fact of the matter is that there is an entire psychology behin... |
15 October 2007
10:44 GMT |
|
|
There are but five general steps to the threat modeling process applied to software development inhouse at Microsoft. Adam Shostack, a Program Manager in Microsoft's Security Engineering group, revealed that the threat modeling process has been streamlined in order to tailorfit even the most basic software devel... |
3 October 2007
04:43 GMT |
|
|
Microsoft provides the first line of defense to its software, but at the same time, the company is the first attacker testing the integrity of the code it produces against attacks. This is done via threat modeling. Essentially, threat modeling is a structured strategy set up in order to identify the inherent risks as... |
28 September 2007
09:17 GMT |
|
|
STRIDE is a Microsoft threat modeling system. Essentially, STRIDE is a collection of acronyms designed to assess and classify threats including Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. You have to know first of all that STRIDE is by no means the official... |
5 September 2007
10:16 GMT |
|
|
Find us on Google+
