
Delivering more Secure Software

  • Chapter
Securing Electronic Business Processes

Abstract

This paper discusses Microsoft’s initiatives in delivering more secure software. The first part of the paper defines the Trustworthy Computing initiative and highlights the security pillar of this initiative. I will explain the security framework called SD3+C and give some examples of what we did in each part of this framework.

The second part highlights one specific element of the initiative called STRIDE threat modelling. Under the impetus of the Trustworthy Computing initiative, each product development needs to go through STRIDE. We want to encourage designers in general to include threat modelling in the design process. The STRIDE model can be very helpful in achieving this. STRIDE should be seen as a two-phase approach. In the first phase, designers use the model to look at their architectures through the eyes of a hacker. The outcome is a prioritized list of threats. In the second phase, the designers need to mitigate these high-priority threats. STRIDE will help them to include threat modelling in their design process and to ask the right questions.




Copyright information

© 2004 Friedr. Vieweg & Sohn Verlagsgesellschaft/GWV Fachverlage GmbH, Wiesbaden

About this chapter

Cite this chapter

Bjones, R. (2004). Delivering more Secure Software. In: Securing Electronic Business Processes. Vieweg+Teubner Verlag. https://doi.org/10.1007/978-3-322-84982-3_7


  • DOI: https://doi.org/10.1007/978-3-322-84982-3_7

  • Publisher Name: Vieweg+Teubner Verlag

  • Print ISBN: 978-3-528-05887-6

  • Online ISBN: 978-3-322-84982-3

  • eBook Packages: Springer Book Archive
