New Version of BinScope Binary Analyzer

We are delighted to announce the availability of an updated version of the BinScope Binary Analyzer, Microsoft BinScope version 2014. BinScope is a tool used during the Security Development Lifecycle (SDL) verification phase. It is available as a free download from the Microsoft Download Center here. BinScope was designed to help detect potential vulnerabilities that can be introduced into binary files. The checks it implements examine application binary files to …

SAFECode on Confidence: One Size Does Not Fit All

In a recent post by SAFECode, a non-profit organization of software vendors dedicated to increasing trust in information and communications technology products by improving security and assurance methods, Eric Baize of EMC and Steve Lipner of Microsoft discuss the challenging subject of trustworthiness of acquired software. How a customer gains confidence in acquired software is a frequently asked question of developers. The latest SAFECode blog discusses three approaches that a …

Introducing Microsoft Threat Modeling Tool 2014

Today, we are excited to announce the general availability of a new version of a very popular Security Development Lifecycle tool – Microsoft Threat Modeling Tool 2014. It’s available as a free download from Microsoft Download Center here. Threat modeling is an invaluable part of the Security Development Lifecycle (SDL) process. We have discussed in the past how applying a structured approach to threat scenarios during the design phase of development helps teams more …

SDL Process Templates for Visual Studio Team Foundation Server 2013

Today, we are excited to announce the general availability of a new version of the SDL process templates: Microsoft Solutions Framework (MSF) for Agile 2013 plus Security Development Lifecycle (SDL), and Microsoft Solutions Framework (MSF) for Capability Maturity Model Integration (CMMI) 2013 plus Security Development Lifecycle (SDL). This version of the SDL Process Templates is specific to the Microsoft Security Development Lifecycle version 5.2. The SDL Process Templates automatically integrate policy, process and tools associated …

Threat Modeling a Retail Environment

Posted by: Michael Howard, Principal Consultant, Cybersecurity

If you have followed this blog, or followed anything Microsoft has done with the Security Development Lifecycle, you’ll know that we are proponents of the benefits of threat modeling as a way to understand the risks to and potential mitigations for a system. The computer industry is full of systems that look somewhat alike, and have similar “moving parts”; for example, banking, health …

Life in the digital crosshairs: the untold story

To mark the 10-year anniversary of the creation of the Security Development Lifecycle, we wanted to tell the behind-the-scenes story of how the SDL came to be. Back in 2004, Microsoft decided that if we were going to succeed at building trust with our customers, security could not be an afterthought when developing our products and services. So how do you get a large organization like Microsoft to prioritize security …

New Whitepaper on SDL adoption

Arjuna Shunn here. Our friends over on the security blog have just released a new whitepaper discussing the value of SDL in the financial sector. Feel free to take a look and grab the whitepaper; it is definitely worth taking the time to read through and see how the Microsoft SDL has helped the financial services industry and can help other industries as well.

Secure Development Is Much Easier Than You Think

Secure software development is something we believe is absolutely critical to helping create safer, more trusted computing experiences for everyone. So much so that we invest in providing free tools, resources and guidance to assist organizations in adopting an SDL process, and are actively involved in helping to evangelize these resources to the security community. However, while these resources have existed since 2008, our Trust in Computing study showed …

Trust in Computing Survey, Part 2: Less Than Half of Developers Use a Security Development Process

If you are in the security industry or follow news related to security breaches or threat intelligence, you know that the threat landscape is continually evolving. Attackers are constantly seeking out new ways to compromise potential victims on a broad or targeted scale. They attempt to exploit unpatched vulnerabilities, use deceitful tactics to trick users into installing malicious software, attempt to guess weak passwords, and use other dirty tricks. Despite this …