Threat-Driven Software Development: Defending online services from modern threat actors
- By Michael Howard, Lee Holmes, Sherrod DeGrippo, Shawn Hernan
- Published Jul 9, 2026 by Microsoft Press.
Best Value Purchase
Book + eBook Bundle
- Your Price: $64.79
- List Price: $107.98
- Includes EPUB and PDF
- About eBook Formats
This eBook includes the following formats, accessible from your Account page after purchase:
EPUB
The open industry format known for its reflowable content and usability on supported mobile devices.
PDF
The popular standard, used most often with the free Acrobat® Reader® software.
This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.
More Purchase Options
eBook
- Your Price: $38.39
- List Price: $47.99
- Estimated Release: Jul 9, 2026
- Includes EPUB and PDF
- About eBook Formats
This eBook includes the following formats, accessible from your Account page after purchase:
EPUB
The open industry format known for its reflowable content and usability on supported mobile devices.
PDF
The popular standard, used most often with the free Acrobat® Reader® software.
This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.
Description
- Copyright 2027
- Dimensions: 7-3/8" x 9-1/8"
- Pages: 400
- Edition: 1st
- Book
- ISBN-10: 0-13-556738-6
- ISBN-13: 978-0-13-556738-8
Are you ready to build online services that can stand up to real adversaries? Threat-Driven Software Development is your practical guide to designing, coding, and operating systems through the lens of how attackers actually work. Written by Microsoft security leaders Michael Howard, Sherrod DeGrippo, Shawn Hernan, and Lee Holmes, this hands-on book shows developers, architects, and IT professionals how to turn threat intelligence into daytoday engineering decisions. Youll learn to prioritize with a risk register, harden software supply chains and engineering systems, protect identities and secrets, and contain blast radius with isolation and network guardrails. With concise, storydriven chapters; featuring real incidents; youll deploy honeypots and decoys, instrument services for highsignal telemetry, strengthen red/blue team response, and leverage AI safely on both offense and defense. Clear, actionable, and fieldtested, this book will help you move beyond bug fixing to measurable resilience against modern threat actors. Dont just react to the next attack; get ahead of it.
Sample Content
Table of Contents
Part 1 When Software Meets the Real World
Ch 1 Today's Threat Landscape
Ch 2 Security is more than one Team
Ch 3 Why Microsoft Adopted SFI
Ch 4 How Operational Security is Different
Ch 5 Understanding the Terrain
Ch 6 Controlling the Terrain
Part 2 The Role of AI in Security
Ch 7 AI and Security Backgrounder
Ch 8 Offensive AI
Ch 9 Defensive AI
Ch 10 Security Engineering with AI
Part 3 Threats to Systems
Ch 11 Build and Engineering Systems
Ch 12 Identities and Secrets
Ch 13 Production Tenants and Systems
Ch 14 Production Networks
Ch 15 Monitor and Detect Threats
Ch 16 Response and Remediation
Ch 17 Product Security
Part 4 Learning from SFI An Implementation Playbook
Ch 18 Crawl, Walk, Run How to add Security Discipline
Ch 19 Tracking and Quantifying Risk
Ch 20 Reducing Risk
Ch 21 How do we get ahead of security vulns
Part 5 Some Final Thoughts
Ch 22 Rethinking the role of C and C++
Ch 23 Are we more secure now than yesterday?
More Information
Other Things You Might Like
