none
Security University is already teaching Microsoft SDL & Threat Modeling Methodology ! RRS feed

  • General discussion

  • I am very impressed that Microsoft is blazing a trail in the Software Security methodology... I'm sitting in Security University's Qualified / Software Security Expert  (Q/SSE) this week and we spent half a day (so far) learning about Microsoft's SDL  & Threat Modeling Methodology...  The MS SDL site was just introduced yesterday...


    Good job Microsoft!

    r/s
    Mike
    • Moved by Hengzhe Li Tuesday, June 21, 2011 12:24 PM Forum Consolidate (From:Microsoft Security Development Lifecycle (SDL) - Threat Modeling)
    Tuesday, November 11, 2008 9:23 PM

All replies

  • Hey Mike,

    Ya, Microsoft has a lot of experience in what NOT to do. War wounds aside, they have significantly matured their internal architecture, development and testing processes... aligned with their experiences on how to write safer code. The result is the SDL process. What is nice is that they are willing to share those experiences with their developer community. And provide great educational materials, training (have you seen all the web based training they have provided over the years??) and tools to help us all out. The SDL TM tool is just one example of this.

    That's good for the industry as a whole.
     
    Dana Epp
    Microsoft Security MVP

    Thursday, November 13, 2008 1:53 PM