How Cloud Computing Is Changing the World

With the move to cloud computing, The Microsoft Security Development Lifecycle (SDL) becomes even more important for mitigating security risk… A major shift in the way companies obtain software and computing capacity is under way as more companies tap into Web-based applications. By Rachael King

Google’s Chrome OS Cited as Likely Hacker Vehicle

The HTML 5 technology intended to power Google’s forthcoming computer operating system can access a PC online or off, warns security vendor McAfee. By Aaron Ricadela

Value Proposition for using the SDL

We’re discussing the value proposition of using the SDL this week. Most folks can articulate why organizations should use the SDL. Some reasons are: Structured way of ensuring Security is built into all application development efforts. 90% of attack now take place at the application level. It costs 30 times more to fix the application…


Why A Really Good Threat Model Matters Insurgents in Iraq have hacked into live video feeds from unmanned American drone aircraft, US media reports say. “Shia fighters are said to have used off-the-shelf software programs such as SkyGrabber to capture the footage. The hacking was possible because the remotely flown planes have an unprotected communications link. Obtaining such video feeds could…

Client and Cloud Security whitepaper

You guessed it. Download the security guidance from Microsoft Trustworthy Computing on client + Cloud security at Also be sure to get the video summary of the whitepaper at the same website. Steve Lippner, Senior Director from SDL Engineering team, talks about client + cloud security in today’s environment,and what you need to consider…

Bryan Sullivan talks about SDL for Agile

Be sure to check out the video of Bryan Sullivan talking about SDL for Agile on Also we’ve got the updated SDL Guidance Updated for Agile Development Methodologies . It’s the updated SDL for agile version 4.1a version with the SDL for Agile guidance appended to it.   George

Check out

We’ve got a new presence on Be sure to check out the new whitepapers on SDL and on Client and Cloud Security.   George

Microsoft TechEd Europe 2009, Berlin, Germany

  Cool stuff. I’m here now in Berlin, Germany. We got in last night. Bryan Sullivan did a talk on SDL for Agile here. Got a little bit of jet lag, but our booth is setup and good go go. A hot little item that customer seem to love is the SDL laptop sticker. Mark…


Whitepaper: How to Manually Integrate the SDL Process Template

Whitepaper: How to Manually Integrate the SDL Process Template – In response to customer requests, the SDL Team has provided a basic 7-step process for manually integrating key elements of the SDL Process Template into an existing Visual Studio Team System project.

Microsoft SDL team releases two security verification tools as FREE DOWNLOADS

Microsoft SDL team releases two security verification tools as FREE DOWNLOADS – BinScope Binary Analyzer integrates directly into the Visual Studio 2008 IDE. MiniFuzz File Fuzzer is a Visual Studio 2008 add-in. Both tools provide easy integration with TFS 2008 and the SDL Process Template for VSTS 2008!