This paper is talking about Microsoft's initiatives in delivering moresecure software. The first part of the paper defines the TrustworthyComputing initiative and will highlight the security pillar of thisinitiative. I will explain the security framework called SD3+C and givesome examples what we did in each part of this framework.The second part highlights one specific element of the initiative calledSTRIDE threat modelling. Under impulse of the Trustworthy Computinginitiative, each product development needs to go through STRIDE. We wantto encourage designers in general to include threat modelling into thedesign process. The STRIDE model can be very helpful to achieve this.STRIDE should be seen as a two phase approach. In the first phase,designers will use the model to look to their architectures through theeyes of a hacker. The outcome will be a prioritized list of threats. Ina second phase the designers need to mitigate this high prioritythreats. STRIDE will help them to include threat modelling into theirdesign process and to ask the right questions.
CITATION STYLE
Bjones, R. (2004). Delivering more Secure Software. In Securing Electronic Business Processes (pp. 66–72). Vieweg+Teubner Verlag. https://doi.org/10.1007/978-3-322-84982-3_7
Mendeley helps you to discover research relevant for your work.