microsoft

Ethnomethodologists talk a lot about communities of practice. Groups of people who share some set of work that they do similarly, and where they’ll co-evolve ways of working and communicating. When everyone is part of a given community, this works really well. When we talk about “think like an attacker” within a community of security…

Read More Boundary Objects and Threat Modeling

I just finished an interesting paper, K. Koscher, A. Juels, T. Kohno, and V. Brajkovic. “EPC RFID Tags in Security Applications: Passport Cards, Enhanced Drivers Licenses, and Beyond.” In the paper, they analyze issues of cloning (easy), read ranges (longer than the government would have you believe) and ‘design drift’ (a nice way of saying…

Read More "EPC RFID Tags in Security Applications"

The employer has been posting them at a prodigious rate. There’s: “Threat Modeling at EMC and Microsoft,” Danny Dhillon of EMC and myself at BlueHat. Part of the BlueHat SDL Sessions. Also on threat modeling, Michael Howard and I discuss the new SDL Threat Modeling Tool. Michael Howard and I also discussed the new SDL…

Read More Videos of me

I’m in Barcelona, where my employer has made three announcements about our Security Development Lifecycle, which you can read about here: “SDL Announcements at TechEd EMEA.” I’m really excited about all three announcements: they represent an important step forward in helping organizations develop more secure code. But I’m most excited about the public availability of…

Read More SDL Announcements

In “The product manager’s lament,” Eric Ries writes about his view of product managers: Let’s start with what the product manager does. He’s supposed to be the person who specifies what the product will do. He writes detailed specs which lay out exactly what features the team should build in its next iteration. These specs…

Read More CTOs, Product Management and Program Management