Threat Analysis & Modeling Tool - TAM 3.0
- Posted: Jun 29, 2009 at 1:43 PM
- 8,585 Views
- 2 Comments
Anil Revuru (RV), from
Information Security Tools, provides an overview of the new version of TAM (Threat Analysis & Modeling), an asset-centric tool which uses an objective methodology to analyze applications for threats and define mitigation plans for them. TAM aligns to the SDL-LOB
as part of the Design phase.
RV describes the new features in this version, including the online repository for the attack countermeasures, automated use cases creation, composite threats, among others.
Learn more:
RV describes the new features in this version, including the online repository for the attack countermeasures, automated use cases creation, composite threats, among others.
Learn more:
Comments Closed
Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation,
please create a new thread in our Forums,
or
Contact Us and let us know.
More posts in this blog
-
Security Design Reviews
-
Threat Analysis & Modeling Tool - TAM 3.0
-
Architecture Behind CAT.NET
Follow the Discussion
Oops, something didn't work.
What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in. You need to be signed in to Channel 9 to use this feature.What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in and view them all on your notifications page.sign up for email notifications?
1. What does TWC or TMT stand for?
2. If you can share what benefits you (the Project Team members, not TAM tool members) got from this tool, that would be great
3. I was one of the early adopter of this tool (ver 1.0), after that I never got a chance to see the tool; indeed its a great tool which saved us lots of security level effort. Projects outside Microsoft, use this tool by any chance? If YES, what level of support we can expect.
1. TWC stands for Trust Worthy Computing and TMT stands for Threat Modeling Tool, you can find the latest TMT which is called as SDL Threat Modeling Tool at http://www.microsoft.com/downloads/details.aspx?FamilyID=A48CCCB1-814B-47B6-9D17-1E273F65AE19&displaylang=en.
2. TAM tool is used internally for threat modeling Line of Business applications, it uses asset (data) centric approach which is a very critical part of the IT Applications. I have explained some in the video, security awareness, writing more secure code etc were some noticable gains. You can subscribe to our conenction on http://connect.microsoft.com/site/sitehome.aspx?SiteID=734 to get beta release information.
3. There are multiple levels of support that we offer, from professional services to simple email support and discussions. http://blogs.msdn.com/threatmodeling, http://blogs.msdn.com/securitytools and http://www.msinfosec.com are the best places to start. msacetm@microsoft is our public email alias where you can ask questions about this tool.
Remove this comment
Remove this thread
close