During my Threat Modeling session, , most of the feedback and follow-up questions were similar to the ones in the booth: how to expand the threat modeling processes to their own companies, and how to get started. My typical response to both questions is to start small and do what makes sense for your organization.
At Microsoft, for example, when we introduce new SDL requirements, we usually start with a few teams so we can refine the requirement and supporting tools before expanding the requirements to a broader group. Similarly, while we have a core set of requirements that all teams have to meet, there are other requirements that are specific to a platform, scenario, or functionality.
For example, there are some requirements that make sense for desktop-oriented products, but do not make sense for mobile devices. You may very likely have to make changes to our policies to make them relevant to your organization, your scenarios, and functionality.
One of the joys of presenting at TechEd each year is hearing from real people about the issues they face using our products in the real world; rarely are the issues pure philosophical security geekness. Some years ago, security was never really a topic of discussion other than those that relate to security technologies, such as how to use and manage X.
You can also watch the clip of S. Somsegar giving the speech of crossfader from footage taken from this years Microsoft TechEd. Dave gave a good example of SQL Server by using an online company which allows bloggers and other people to contribute content and become freelance journalists.
He had someone take a picture from the audience and within minutes they had it uploaded and logged on the site as if it were part of the TechEd conference.
Bill Gates took the stage again and gave a small peek into the future of Application Development, a noticable trend that has been coming around in the last few years of modeling.
As a result, Microsoft is creating a model driven development platform, code name Oslo. Probably the most interesting part of Key Note was when we saw a small robot come on stage being controlled by an XBox controller. What made the robot interesting was that it was being balanced on two wheels and was able to move around freely without falling over or anything. The robot came rolling out with some type of document in its hand which he then handed to Bill Gates. After Gates opened it, it turned out to be a certificate for a lifetime subscription to XBox Live, which can be seen in the picture below.
You can also watch the clip of the Ballmer Bot taking the stage from footage taken at this years Microsoft TechEd. Also, feel free to watch the entire Key Note below. Just as a warning, it is just under an hour and a half long. Note: that the embedded video requires Silverlight to be installed, which works with Internet Explorer, Firefox, and Safari. I saved Velocity for last because it seems like the most interesting Silverlight 2 Beta 2 is really cool, but not too big of a surprise. As several people have pointed out, it seems pretty similar to memcached , an open source distributed caching solution under the pretty friendly BSD license.
Why rewrite memcached? Well, here's what the introductory post on the new Velocity blog says about it:. Distributed caches are not new — during the last couple of years several caching products have emerged to address the performance and scalability needs of applications.
Most of these products are point products, primarily supporting key-based access. Other than memcached, which is an open source technology, most others target enterprises and enterprise workloads and scale.
I think the web workloads require considerably large scale, with s of cache nodes in a cluster. The web scale distributed caches not only require mechanisms that can scale and provide availability in very large clusters, they must be easy to manage or self-managed.
0コメント