TMCnet News

IOActive Selected to Be a Member of Microsoft's Innovative Security Program
[October 07, 2008]

IOActive Selected to Be a Member of Microsoft's Innovative Security Program


(Marketwire Via Acquire Media NewsEdge) SEATTLE, WA, October 7 / MARKET WIRE/ --

IOActive, an industry-leading provider
of application security and risk management services, today announced that
it is one of nine companies internationally selected to be a member of
Microsoft's Security Development
Lifecycle (SDL) Pro Network, which will kick off its year-long pilot
phase in November 2008. The SDL Pro Network is a group of security service
providers that specialize in application security and have substantial
experience and expertise with the methodology and technologies of the Microsoft SDL. The program is designed

to make the SDL accessible to companies outside of Microsoft, providing
customer protection while continuing to improve the process itself.

Members of the SDL Pro Network will help organizations of all sizes
implement SDL through five capability areas:

1. Training -- Provide security training and advice on implementing SDL
in addition to exploring the company's organizational and policy
capabilities.

2. Requirements and Design -- Plan how security will be integrated into
software design by examining user requirements, industry standards,
and threat models.

3. Implementation -- Perform code analysis and review, and enforce the
use of safe APIs.

4. Verification -- Perform additional security code reviews alongside
fuzzing and web application scanning.

5. Release and Response -- Perform a Final Security Review that
includes response planning and execution to determine whether
software is ready for customer delivery.

Part of Microsoft's Trustworthy
Computing initiative, Microsoft developed the SDL more than six years
ago with the objective of producing more secure software that could
withstand the ever-changing nature of malicious attacks. The SDL prescribes
security and privacy measures during each stage of development and requires
that a final review occur before the software is released. The result is
that software developed following the SDL protocol exhibits fewer security
vulnerabilities.

"IOActive is thrilled to be a member of this elite program and we are
flattered that Microsoft trusts us as capable of delivering expert SDL
services to the community. Institutions that choose to 'bake' security into
their development process -- as opposed to 'bolting' it on -- will enjoy a
significant competitive edge in the marketplace as enterprises and
consumers increasingly seek out organizations that invest in proactively
securing the technology ecosystem," said Joshua Pennell, president and CEO
of IOActive.

Members of the SDL Pro Network are a select group of industry leaders that
specialize in application security and have extensive experience with the
Microsoft SDL. IOActive has worked closely with Microsoft for the last five
years on a number of key initiatives -- most notably, IOActive was one of
the few companies hired by Microsoft to perform the code review of the
Windows Vista operating system.


"We are really excited to work with IOActive on this project," said David
Ladd, principal security program manager in Microsoft's Trustworthy
Computing group. "With help from industry leaders like IOActive, we hope to
not only increase accessibility of our SDL process, but to improve security
protocol in software development as a whole."

Part of Microsoft's Trustworthy Computing initiative, Microsoft developed
the SDL more than six years ago with the objective of producing more secure
software that could withstand the ever-changing nature of malicious
attacks. The SDL takes security and privacy measures during each stage of
development and requires that a final review occurs before the software is
released. The result is that software developed following the SDL protocol
exhibits fewer security vulnerabilities.

About IOActive, Inc.

IOActive is an industry leader that offers comprehensive security services
including software assurance, infrastructure audits, training, incident
response, and Governance Risk Compliance. Established in 1998 and
headquartered in Seattle, WA, IOActive has attracted many well-known
security experts including Dan Kaminsky, Jason Larsen, Ward Spangenberg,
and Ted Ipsen. For more information, please visit the Web site
www.ioactive.com.

Contact:
Jennifer Steffens
206.784.4313Email Contactwww.ioactive.com

Copyright ? 2008 Marketwire

[ Back To TMCnet.com's Homepage ]