Earlier today at Microsoft Tech·Ed EMEA 2008 - Developer in Barcelona, we announced the launch of the SDL Optimization Model, SDL Pro Network and the Microsoft SDL Threat Modeling Tool 3.1 Beta! You can read more about this announcement here or you can read more at the Microsoft Security Development Lifecycle (SDL) Blog.
To better understand why the Microsoft SDL Threat Modeling Tool 3.1 Beta is important to developers, I spoke to Canadian security wonk Dana Epp (AKA, Canada's Worf) and asked him a few questions about this tool and the Microsoft Security Development Lifecycle (SDL) itself.
Download MP3 Audio - Dana Epp on the Microsoft SDL Threat Modeling Tool (10.29 MB - 22 minutes, 28 seconds)
You can grab the Microsoft SDL Threat Modeling Tool 3.1 Beta today from Microsoft Downloads. Just make sure you have Visio installed as well. It's a great tool to help you identify and mitigate some of the threats in the STRIDE framework.
About Dana Epp
Dana Epp researches software security and sets the corporate vision in the convergence of information security principles and practices with digital information asset protection at Scorpion Software. As a computer security software architect, Dana has spent the last 15 years focusing on computer programming with a particular emphasis on security engineering to offer a safer computing environment for small business.
Dana has been an instructor in the Computer Information Systems department at the University College of the Fraser Valley and British Columbia Institute of Technology (BCIT), teaching students about computer programming and information security. He has brought to market various computer security products including secure operating systems, firewalls, VPNs, authentication devices and intrusion prevention systems (IPS). His latest research has been on identity and access control for Windows-based environments, focusing on two-factor authentication solutions for small business.
Dana has been twice awarded the Community Spirit Award for Business in recognition of his ongoing initiatives in promoting high technology industries in his community, and won the 2001 Chamber of Commerce "Young Entrepreneur of the Year" award. In 2006 and 2007 Dana has been honored with the award and distinction of Microsoft Windows Security Microsoft Most Valuable Professional (MVP) for his work and expertise in Windows security and continues to provide leadership in the community in regards to the application of information security principles and practices into software development and use.
About Developer Night in Canada (DNIC)
Developer Night in Canada (DNIC) is a podcast produced by John Bristowe (@jbristowe) and Joey deVilla (@AccordionGuy) of Microsoft Canada. Its focus is to provide insight and analysis from some of the developers and experts in Canada. The RSS feed for Developer Night in Canada (DNIC) is available here. Alternatively, you can subscribe through Apple's iTunes here.