October 13, 2008 15:21

    

Interesting paper by Adam Shostack:

Abstract. Describes a decade of experience threat modeling products and services at Microsoft. Describes the current threat modeling methodology used in the Security Development Lifecycle. The methodology is a practical approach, usable by non-experts, centered on data ow diagrams and a threat enumeration technique of 'STRIDE per element.' The paper covers some lessons learned which are likely applicable to other security analysis techniques. The paper closes with some possible questions for academic research.

Link: http://www.schneier.com/blog/archives/2008/10/thre...

All news for January 7, 2009

21:39	Schneier on Security: The NSA on the Origins of the NSA
17:26	Dancho Danchev: Dissecting the Bogus LinkedIn Profiles Malware Campaign
14:56	Schneier on Security: Censorship on Google Maps
07:35	Martin McKeay: Network Security Podcast, Episode 133

All news for January 6, 2009

22:28	Schneier on Security: The Best Capers of 2008
18:00	Dancho Danchev: Summarizing Zero Day's Posts for December
16:06	Dancho Danchev: Squeezing the Cybecrime Ecosystem in 2009
13:51	Schneier on Security: Kip Hawley Is Starting to Sound Like Me

All news for January 5, 2009

22:56	Schneier on Security: FBI's New Cryptanalysis Contest
22:03	Steve Riley on Security: Poll: do you use scheduled scans for malware?
18:22	Martin McKeay: Four information points on Twitter phishing
14:34	Schneier on Security: Trends in Counterfeit Currency

All news for January, 2009

All news for 2008

All news for 2009