Michael Howard
Michael is a Security Program Manager in the Secure Windows Initiative team at Microsoft. He is the author of Designing Secure Web-based Applications for Microsoft Windows 2000 and the co-author of Writing Secure Code, both from Microsoft Press. The latter book is mandatory reading at Microsoft. His job is simple: help people build secure software. OK, it's not that simple!
Articles Authored
- Threat Modeling
Last updated: Thursday, December 4, 2025
Published in: CODE Magazine: 2002 - November/December
Michael Howard argues that threat modeling is an essential, practical design discipline for building secure systems: assemble a cross‑discipline team, decompose the application (e.g., DFDs), use STRIDE to categorize threats, build threat trees, rank risks, and choose responses (do nothing, warn, remove, or fix). Howard emphasizes that maintaining up‑to‑date threat models uncovers many design bugs and multi‑step attacks, guides appropriate mitigations, and should be required for design sign‑off.

