It’s true, I read about it in one of those productivity blogs you know; the ones that are so compelling that they actually make you totally unproductive while reading them. Boom boom, he’s on all night ladies and gentlemen. The gist of the post was that you should write down your five year goal in [...]
It’s no real secret what I am doing at Microsoft although I haven’t really blogged about it much. I do plan to start in the coming weeks with some long posts about platforms, information security BPM, applying business management techniques to the information security discipline, dashboards and business intelligence etc.
Before I do that and hot [...]
A warm welcome to Andreas Fuchsberger who joins our team next week. Andreas lectures application security on the Royal Holloway Information Security Masters Degree and among other things participates in the ISO Security Standards process. We worked together before at ISS, in the mid-nineties he was one of my lecturers and we are delighted to [...]
So I don’t get accused of jumping on the bandwagon in months to come, I have today drawn some new conclusions about platforms and “next.0″ Internet apps. As we all watch on to see if FaceBook topples back into the blue ocean or becomes a Google, my current conclusion is that I am simply bored [...]
There is a nice video on the Virtual TechEd site here of RR, a Security Developer MVP.
Raffaele Rialdi sits down with Lori Grosland and explains his work with security and the software development life cycle. He also talks about threat modeling and how there are new ways that it is being used to identify [...]
Virtual labs, Videos and more
http://www.microsoft.com/click/hellosecureworld/default.mspx
[I wrote this blog post at 30,000 ft, listening to KT Tunstall's Drastic Fantastic album on my way back from a week in Tel Aviv. ]
In the New Year my part of the ACE Team expanded to include our Israel operations and I have been lucky enough to have inherited Alik Levin and Nimrod Luria. [...]
My colleague and legendary Hummus eater Alik Levin (that’s my plate at lunchtime today but rumours are that he once ate two) has written an excellent post about how to use the Guidance Explorer to generate a checklist while performing security code reviews.
His first post on his personal blog is here and a more comprehensive [...]
New article from John Steer on my team
Security Policies in the Application Development Process
This paper from IEEE describes how Ford Motor Company use the Threat and Application Modelling tool from my team to improve the security of their business applications.
Abstract: “Ford Motor Company is currently introducing threat modeling on strategically important IT applications and business processes. The objective is to support close collaboration between IT Security & [...]
Recent Comments