Repost: Dana Epp's "Microsoft, can you please cross-breed TAM and your internal TM tools?"
1 view
Skip to first unread message
ParanoidMike
Nov 4, 2008, 12:46:56 PM11/4/08
to Microsoft Threat Modeling Tools
http://silverstr.ufies.org/blog/archives/001039.html
(excerpts)
"Microsoft, you need to cross-breed TAM and your own SDLC threat
modeling tool. That thing is just wicked."
"I am a fan of TAM, but hate that I cannot easily design my own data
flow diagrams. There is too much focus on entering in critical
components like use cases before the DFD is laid out. The MS internal
tool [aka SDL TM v3] isn't like that."
Then Mark Curphey of Microsoft's CISC team (who originally created MS-
TAM) commented:
"For clarification all LOB apps built in MSFT use the TAM tool, the
product teams use something different.
I own the TAM tool. Drop me a note offline and lets talk about what
you want us to do. No promises but I am sure we can move this in the
way you are suggesting!"
And Dana replied:
"I'll do that. Thanks for being open enough to explore this."
(Note: there's been no mention of this since, either in the Comments
to this Post, or later posts.)
(excerpts)
"Microsoft, you need to cross-breed TAM and your own SDLC threat
modeling tool. That thing is just wicked."
"I am a fan of TAM, but hate that I cannot easily design my own data
flow diagrams. There is too much focus on entering in critical
components like use cases before the DFD is laid out. The MS internal
tool [aka SDL TM v3] isn't like that."
Then Mark Curphey of Microsoft's CISC team (who originally created MS-
TAM) commented:
"For clarification all LOB apps built in MSFT use the TAM tool, the
product teams use something different.
I own the TAM tool. Drop me a note offline and lets talk about what
you want us to do. No promises but I am sure we can move this in the
way you are suggesting!"
And Dana replied:
"I'll do that. Thanks for being open enough to explore this."
(Note: there's been no mention of this since, either in the Comments
to this Post, or later posts.)
Reply all
Reply to author
Forward
0 new messages