Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Security Guidance and Threat Modeling
I just posted a blog entry on the main drivers behind CTL in TAM v3.0. You can check it out at IST...
Date: 07/30/2009
TAM 3.0 Beta is Now Live!
I am excited to say that Threat Analysis and Modeling (TAM) 3.0 Beta is now live on download center....
Date: 07/23/2009
Threat Analysis And Modeling (TAM) v3.0 – Learn about the New Features!
Last time we briefly talked about releasing TAM v3.0 this year. With each week we’re inching closer...
Date: 07/20/2009
TAM 3.0
Been a little quiet lately on TAM related news but head over to Channel9 to hear RV talk about...
Date: 06/30/2009
Beautiful Security
My colleague Mark Curphey made available a chapter he wrote for a recently released security book. I...
Date: 06/26/2009
Tax Season... So Threat Model This...
Tax Season! I came across a scenario that I wanted to share… Scenario: You have some tax application...
Date: 03/17/2009
Updated SDL TM Tool Now Available!!
Very excited to announce that the SDL folks have released v3.1.4 of the SDL Threat Modeling Tool, as...
Date: 03/03/2009
Announcing CAT.NET CTP & Anti-XSS v3 BETA
Continuing our work to share the tools and techniques we use internally to maintain a secure...
Date: 12/15/2008
SDL Threat Modeling Tool Now Available!
We're really excited that our colleagues over in the SDL team have released a beta of their threat...
Date: 11/20/2008
New SDL Threat Modeling Tool Coming Soon!
Even though this blog’s focus has always been the ACE Threat Modeling tool and methodology which is...
Date: 09/19/2008
Is Threat Modeling Right For You?
Great post by my friend and colleague around threat modeling in a series he's doing on application...
Date: 06/18/2008
Threat Management the bigger picture
Threat Modeling is one those ‘sciences’ that is just now starting to gel into something...
Date: 05/29/2008
Using Threat Models Beyond the Design Stage
Threat Modeling is no longer the obscure magic is used to be. With the creation of tools like the...
Date: 05/22/2008
Hello Secure World
An awesome site to check out which also includes virtual labs you can leverage for secure coding!...
Date: 05/05/2008
Customizing TAM Dropdown lists
One of the most frequent questions we get is that someone is using a technology that is not listed...
Date: 03/17/2008
[VIDEO] Threat Modeling and Discovering Security Issues
Raffaele Rialdi, a Microsoft Developer Security MVP, sits down with Lori Grosland at TechEd ATE in...
Date: 02/18/2008
Threat Modeling: Diving into the Deep End
IEEE paper on the TAM tool. "Ford Motor Company is currently introducing threat modeling on...
Date: 01/08/2008
A discussion on threat modeling
There is a discussion I had recently with a few folks over email around threat modeling that I...
Date: 10/30/2007
TAM/TAMe and Other ACE Tools
Mark Curphey (newest member of ACE) recently did a post on a set of tools we have in our portfolio...
Date: 10/25/2007
XSSDetect BETA now available!
I've talked about threat modeling being one part of the overall information security puzzle... there...
Date: 10/23/2007
Threat Modeling & SDL-IT
A common challenge for folks looking at threat modeling as a control to potentially help them secure...
Date: 08/27/2007
Threat Profile and "Composite Threat"
Threat profile is a very interesting concept that identifies the complete set of threats in a given...
Date: 06/19/2007
Create a good threat model in 10 simple steps
How can I get a great and secure product without killing myself? This is not just a question for...
Date: 06/18/2007
Rich Internet Applications - The New Security Frontier
In the past we have been relying on the web browser to provide/restrict the user interface for...
Date: 06/18/2007
Enterprise Edition
I recently did a TechNet webcast to talk about how Microsoft IT Manages Security Knowledge for...
Date: 05/18/2007
Threat Analysis and Modeling v2.1.2 Now Available!!!
The new build contains a few fixes including one for problem that caused the threat model documents...
Date: 04/04/2007
Tips on Threat Analysis and Modeling Tool
Some tips to work with Threat Analysis and Modeling Tool, these could be useful specially when...
Date: 02/18/2007
Shortcuts List
Threat Analysis and Modeling contains lot of shortcuts for the most used functionality in the tool....
Date: 02/12/2007
Threat Analysis and Modeling tool setup updated!!!
The new version of th tool can be downloaded from https://go.microsoft.com/fwlink?linkid=77002. New...
Date: 02/09/2007
Threat Analysis and Modeling v2.1.1 Now Available!!!
[UDPATE] Auto-Save feature does not work as expected, this feature might give you errors and...
Date: 01/31/2007
Channel9 Interview
I did an interview a while back on Channel9 on our threat modeling tool and process... it went up a...
Date: 12/18/2006
Threat Anlysis and Modeling v2.1 Now Available!!!
[UDPATE] The download is now live. [UPDATE] Please send feedback & feature requests to...
Date: 11/30/2006
TAM v2.1 Sandboxing – Part II – Risk Measurement Plug-in
TAM v2.1 introduces a new security model for the plug-in under which the behavior of the plug-in can...
Date: 10/30/2006
ACE Team on Channel9
ACE Team is on Channel9. This is the 1st part of the interview (there is a part on the TM tool as...
Date: 10/25/2006
TAM v2.1 Sandboxing – Part I – Risk Measurement Plug-in
TAM v2.1 supports multiple risk measurement techniques by allowing the user to specify a plug-in to...
Date: 10/12/2006
Application security - The ACE View
As business process automation started to take hold in the early 1990s, organizations began to...
Date: 10/04/2006
Security lock down
As a part of the MSDN Security on the Brain Series of Conferences, there is a virtual conference on...
Date: 09/20/2006
APPLICATION RISK MANAGEMENT WEBCAST
Talhah has been blogging about Knowledge management and translation and some other stuff that nicely...
Date: 08/31/2006
Risk Measurement Plug-in Development
Threat Analysis and Modeling Tool (TAM) tool uses a interface to provide risk measurement plug-in...
Date: 08/30/2006
Customizing TAM drop-downs
We’ve been getting a lot of queries around the drop-downs in the TAM tool to define things like...
Date: 08/17/2006
Knowledge Management & Translation
The other day I was talking to someone about the next big project we’re working on around risk...
Date: 08/15/2006
Invest in security? Show me the ROI...
How many times have you tried to preach software security only to have someone ask you to show the...
Date: 08/10/2006
New addition to the team
Well, I joined the Microsoft ACE Team in May 2006. Having seen the Threat Modeling tool from the...
Date: 07/25/2006
RTM Now Available!!!
RTM version of the Threat Analysis and Modeling Tool v2.0 is now available here. Thank you for using...
Date: 07/06/2006
RC2 Release!!!
[Update] RC2 is live now and can be download from here, we had some technical difficulties earlier....
Date: 06/28/2006
RC2 & Looking forward...
We’re on track and got done with RC2 as of Friday and have released it internally. We’re not...
Date: 06/18/2006
Assembly Hijacking Video
Rocky's got a great video on assembly hijacking here (see "Presentation Videos" on left-hand side)....
Date: 05/26/2006
RC1 NOW AVAILABLE!
RC1 of the Threat Analysis & Modeling v2.0 is available for download here. Aside from bug fixes...
Date: 05/22/2006
We're Hiring!
The ACE Team is hiring... check out this post. -Talhah
Date: 04/22/2006
Security with Visual Studio Team System
Mark Groves, one the of PMs on the Visual Studio Team System for Software Architects (VSTESA) team...
Date: 04/17/2006