Roger Halbheer on Security » Threat Modeling http://www.halbheer.ch/security Information Security Discussion by Microsoft's Worldwide Chief Security Advisor. Thu, 12 Jan 2012 19:53:16 +0000 en hourly 1 Security Development Lifecycle – Website! http://www.halbheer.ch/security/2010/03/08/security-development-lifecycle-website/ http://www.halbheer.ch/security/2010/03/08/security-development-lifecycle-website/#comments Mon, 08 Mar 2010 08:30:13 +0000 Roger Halbheer http://www.halbheer.info/security/2010/03/08/security-development-lifecycle-website I often talk about how we learned to engineer security into the products and the results prove that we are on the right track. One of the challenges we always have is how to help the ecosystem to improve as well. One of the ways is to communicate through our website. Not, that this is . . . → Read More: Security Development Lifecycle – Website!]]> I often talk about how we learned to engineer security into the products and the results prove that we are on the right track. One of the challenges we always have is how to help the ecosystem to improve as well. One of the ways is to communicate through our website. Not, that this is really new news – it is actually a few weeks old but still… We renewed our Security Development Lifecycle site.

If you are developing software internally you should definitely look at the site and think how to implement SDL in your organization. If you want help, there is the SDL Pro Network here to help you to implement SDL. Or leverage the tools we make available. Or much more…

If you are “just” buying software, look at the lifecycle and start to ask your vendors a few questions like:

  • How do you engineer security into the products? (I am not talking about the classical software engineering processes – I am talking about security…)
  • How do you do Threat Modeling (to me a key piece of the engineering process)

Roger

]]> http://www.halbheer.ch/security/2010/03/08/security-development-lifecycle-website/feed/ 0