Forward, positively..

October 10, 2008

Risk, Risk, I sound like Steve Lamb yet?…

Filed under: 874 — thebestbrew @ 9:05 am

I attended a BCS/IET talk by the ever-excellent Steve Lamb. His theme was the three ghosts of Microsoft security (Past, Present and Future, as in A Christmas Carol). He moved very smoothly through the phases of security at Microsoft, and I have summarised a few take-aways from his discussion:

Microsoft’s BlueHat is an ongoing series of security conferences, not a one-off event.

We need to pay attention to risk, not just the technical stuff. You can become too focused on technical detail and miss the wider picture, which may present greater threats.

Check out the Microsoft Security Development Lifecycle (SDL). There is much interesting and useful material there, and it is as relevant for deployment and operations as it is for software development.

Steve urged us to be constantly aware of Microsoft’s 10 Immutable Laws of Security.

Do threat modelling, so that you know where your real risks lie rather than where you assume they lie.

SQL Server vulnerability counts fell sharply once Microsoft applied the Security Development Lifecycle; the before-and-after comparison makes the case for the SDL.

Vulnerabilities further up the stack are far more numerous than those in the operating system: around 60% are estimated to be in web applications. Just think what there might be in 5, 10 or 15 year old code.

Use an Infrastructure Optimisation model (Basic / Standardised / Rationalised / Dynamic) as a framework for maturing security, both in development and in deployment.

STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) is a good starting point for threat modelling: walk each element of your data-flow diagram and ask which of the six apply, paying most attention to anything that crosses a trust boundary.

Check out the Microsoft Security Response Centre (MSRC) for how reported vulnerabilities are handled and disclosed.




  1. I think you must have been in disguise, I was there but didn’t spot you!

    Comment by Ross — October 14, 2008 @ 9:52 am

  2. Yes – I was the handsome, distinguished-looking, charming man down the front who didn’t see you either. It was a good event methinks.

    Comment by thebestbrew — October 15, 2008 @ 1:10 pm
