John Bristowe, Developer Evangelist for Microsoft, heard about this and invited me on to a podcast where we talk about the tool. Well, I am proud to annouce that Adam and his team listened to our feedback, and released a beta of the tool this week for FREE to the community. At the time it was heavily coded to use internal Microsoft resources and pathings, and just wasn’t in a position to be released outside the corporate LAN. You can see the difference in the two processes with this image:ĭuring MVP summit, Alun, Jesper and I sat in on a developer security session where I pressured hard on Adam Shostack, the owner of the tool within Microsoft, to release this tool to the community. While the TAM tool is a great application threat modeling tool, it doesn’t align well with the use of STRIDE, as part of SDL. If you are a regular reader of this blog, you know earlier this year I challenged Microsoft to cross-breed The Microsoft TAM tool with Microsoft’s internal threat modeling tool that they use for their own commercial software. If you care to build secure code (which I would assume since you read my blog) threat modeling may be a very important part of your development lifecycle. If you design and/or write code, building trustworthy software may or may not be a driver in your team.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |