March 2006 Entries
Alright, the purists are taking Rocky (Lhotka) out for another bout. It seems some of his comments on DotNetRocks got under some (fr)agile skin. Check out the discussion here. Listen to Rocky's comments here and his follow-up on his blog here...
OK. I'll revise what I said in an earlier post about this tool. You shouldn't change your vocabulary to Secure Development Lifecycle--but you definitely need to add it to your development practices. Security should start at the envisioning phase and proceed all the way to deployment. How many times has an application been created where the deployment had to be insecure because of the way the developers put it together? As a consultant, I've seen developers use “SA” for the SQL connection,...
If you are involved in the Software Development Lifecycle, you need to change your vocabulary to Secure Development Lifecycle. Microsoft has released the Beta 2 of a Threat Analysis and Modeling tool that you need to get your hands on. Very cool! I've already talked with some of the members of the ACE team about getting this part of the VSTArchitect...
This year, I'm not crossing my fingers--I'm just going