"Threat modeling is a way of looking at the design of a piece of software and saying, what are the things I need to be worried about to make sure this software isn't subject to attack," Lipner said. The tool can be used for new or existing applications, which can be based on Windows or other development methodologies. Microsoft SDL Threat Modeling Tool 3.0 is a design analysis tool offering early and structured analysis, as well as proactive mitigation and tracking of potential security and privacy issues, Microsoft said. "People point at Microsoft, so they'd like to alleviate that," Oltsik said. With its moves this week, Microsoft wants to externalize what it has learned and alleviate the problem of bad code development, said Jon Oltsik, senior analyst for Enterprise Strategy Group. "What that means is that basically, you're putting it out there hoping nobody will break into it," he said. ![]() Analyst data, Lipner said, has shown that 10 percent of organizations test for security during the implementation phase of software, 20 percent test during the verification phase, and 70 percent wait until the software already is in use.