<div dir="ltr"><div>Worked on a project last year led by the late <a href="https://en.wikipedia.org/wiki/Howard_Schmidt">Howard Schmidt</a> with <a href="http://www.safecode.org">SAFECode (a non-profit)</a>; here are the fruits of that labor.<br></div><div><div><div class="gmail-underline_h" style="box-sizing:border-box;background-image:url("../images/hr_bg.png");background-position:100% 35px;background-size:initial;background-repeat:repeat-x;background-origin:initial;background-clip:initial;padding-bottom:20px;color:rgb(51,51,51);font-family:lato,sans-serif"><h2 style="box-sizing:border-box;font-family:inherit;line-height:24px;color:rgb(52,51,51);margin-top:20px;margin-bottom:0px;display:inline-block;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;padding-right:10px"><font size="4"><u>Managing Security Risks Inherent in the Use of Third-party Components</u></font></h2></div><p style="box-sizing:border-box;margin:0px 0px 10px;font-size:14px;line-height:19px;color:rgb(58,58,58);font-family:lato,sans-serif">The use of third-party components (TPCs), including open source software (OSS) or commercial off-the-shelf (COTS) components, has become a de facto standard in software development. 
This paper breaks down the process and procedures developers need in order to test, improve, and quantify the security of third-party components.</p><p style="box-sizing:border-box;margin:0px 0px 10px;font-size:14px;line-height:19px;color:rgb(58,58,58);font-family:lato,sans-serif"><a href="https://www.safecode.org/wp-content/uploads/2017/05/SAFECode_TPC_Whitepaper.pdf" style="box-sizing:border-box;background:0px 0px;color:rgb(0,120,197);text-decoration-line:none">https://www.safecode.org/wp-content/uploads/2017/05/SAFECode_TPC_Whitepaper.pdf</a></p></div><div><div class="gmail-underline_h" style="box-sizing:border-box;background-image:url("../images/hr_bg.png");background-position:100% 35px;background-size:initial;background-repeat:repeat-x;background-origin:initial;background-clip:initial;padding-bottom:20px;color:rgb(51,51,51);font-family:lato,sans-serif"><h2 style="box-sizing:border-box;font-family:inherit;line-height:24px;color:rgb(52,51,51);margin-top:20px;margin-bottom:0px;display:inline-block;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;padding-right:10px"><font size="4"><u>Tactical Threat Modeling</u></font></h2></div><p style="box-sizing:border-box;margin:0px 0px 10px;font-size:14px;line-height:19px;color:rgb(58,58,58);font-family:lato,sans-serif">Threat modeling, a key technique for architecting and designing systems securely, is a method that many SAFECode members employ. 
This paper leverages SAFECode members’ insights to offer effective ways to better integrate threat modeling and provides a great resource for organizations that are looking to integrate threat modeling into their own development processes and teams.</p><p style="box-sizing:border-box;margin:0px 0px 10px;font-size:14px;line-height:19px;color:rgb(58,58,58);font-family:lato,sans-serif"><a href="https://www.safecode.org/wp-content/uploads/2017/05/SAFECode_TM_Whitepaper.pdf" style="box-sizing:border-box;background:0px 0px;color:rgb(0,120,197);text-decoration-line:none">https://www.safecode.org/wp-content/uploads/2017/05/SAFECode_TM_Whitepaper.pdf</a></p><p style="box-sizing:border-box;margin:0px 0px 10px;font-size:14px;line-height:19px;color:rgb(58,58,58);font-family:lato,sans-serif"><br></p><p style="box-sizing:border-box;margin:0px 0px 10px;line-height:19px;color:rgb(58,58,58);font-family:lato,sans-serif"><b><font size="4"><u>FREE Online Training</u></font></b></p><p style="box-sizing:border-box;margin:0px 0px 10px;line-height:19px"><font color="#3a3a3a" face="lato, sans-serif"><span style="font-size:14px"><a href="https://training.safecode.org/courses">https://training.safecode.org/courses</a></span></font></p><p style="box-sizing:border-box;margin:0px 0px 10px;line-height:19px"><font color="#3a3a3a" face="lato, sans-serif"><br></font></p><p style="box-sizing:border-box;margin:0px 0px 10px;line-height:19px">All of the collaborators are easy to find online if you have any questions.</p><p style="box-sizing:border-box;margin:0px 0px 10px;line-height:19px"><a href="http://www.twitter.com/brennantom">@brennantom</a></p></div></div></div>