

Microsoft hosts OEM partners for a crash-course in SDL (Day One)

As part of our ongoing SDL efforts, we are hosting a 2.5 day event here in Redmond for our OEM partners – over 50 senior technical experts from the biggest names in the computer industry. Out of respect for our partners I won’t name names, but the “usual suspects” are in attendance.  There was also representation from the chipset manufacturers and hardware component suppliers to the OEMs.  The discussions are technical and to their credit, the participating companies sent their “A teams” to learn about the SDL process and how they can use it within their organizations.

We are presenting the same content that we give to our own engineers on a variety of SDL topics. Matt Thomlinson provided the opening remarks and some historical context around the security efforts at Microsoft. Shawn Hernan provided the actual “introduction” to the SDL – explaining the process - what we do, why we do it, and data showing our results to date.  After that, Adam Shostack presented an in-depth session on Threat Modeling – an integral part of the SDL. I taught a lively 3-hr session on Secure Coding (go figure!) and we ended the day with a talk by Dan Kaminsky of IOActive on the “hacker viewpoint” – essentially a discussion of the Vista security efforts and his views on the next targets of opportunity for the hacker community.  All in all it was a great first day – lucid questions and insightful feedback.

Tomorrow we move into testing and verification – James Whittaker leads off on Security Testing followed by Bill Shihara talking about security tools.  Should be good!

Comments

  • Anonymous
    November 08, 2006
    I'm just reading your book "The Security Development Lifecycle". Do you plan any similar SDL course or training for other software development companies?

  • Anonymous
    November 08, 2006
    Interesting course. Are you going to host the same course in the future? What's the process for enrolling in this course?

  • Anonymous
    November 09, 2006
    If you follow the same blogs that I do, you're probably already aware of the fact that Microsoft is hosting a series of discussions with their OEM partners about the SDL (Security Development Lifecycle.) First of all, let me say that I'm seriously jealous

  • Anonymous
    December 05, 2006
    As I mentioned in a previous series of posts, we recently had all the major OEMs on campus to discuss

  • Anonymous
    April 16, 2007
    At the end of June my family and I are moving to Austin, Texas. I’ll still be doing a lot of the same

  • Anonymous
    June 14, 2007
    Hi – Dave here. If you have read Michael Howard’s blog for a while, you may recall that our team held