Recently Microsoft published a simplified version of their SDL methodology, reducing the detail in the hope of making implementations a bit easier. Microsoft has also made available its four core SDL Training classes (introductions to SDL & Threat Modeling, Basics of Secure Design, and Privacy for SDL) as well as the supporting tools. Finally, Adam Shostack has also made available Elevation of Privilege, the Threat Modeling Game, which he thinks is the easiest way to get started threat modeling – just try it!
Monday, March 8, 2010
Sunday, February 21, 2010
Simplified implementation of the Microsoft SDL
Microsoft has announced a new 17-page whitepaper that presents a simplified version of their Security Development Lifecycle (SDL). From the announcement:
One of the common misconceptions about the Microsoft SDL is that you have to be an organization the size of Microsoft in order to be able to implement it. Another misconception is that the SDL is only appropriate for Microsoft languages and Microsoft platforms, and that you need to use some other methodology if you’re writing code with Ruby for OS X. The Simplified SDL white paper helps address these misconceptions by explaining how the SDL can be implemented with limited resources and applied to any platform.