Microsoft expands SDL program

Microsoft expands SDL program

Tags:   Microsoft  SDL  security development lifecycle

By Robert Westervelt | Feb 8, 2010

Microsoft is broadening its Security Development Lifecycle (SDL) program this week, introducing a new template to help IT organizations and coders enable secure software development, and a new category that identifies tool vendors that support SDL processes.

The new MSF-A+SDL template was designed to introduce Agile development methodologies into Visual Studio IDE. Companies and software developers that use the Agile principles can use the template to support Agile principles for ongoing development projects using the development platform.

Last year's SDL process template focused on waterfall and spiral development methodologies used internally at Microsoft for development on Office, Word and Windows -- projects that typically take years to complete, said David Ladd, principal security program manager for Microsoft.

"The trend over the long haul is pointing toward more rapid application development and Agile development," Ladd said. "In some cases, you may have a Web component where it doesn't make sense to use processes suited for rapid application development, waterfall or spiral."

Specifically, the template addresses projects such as Web applications and Web-based services that have ongoing maintenance and development efforts, said David Ladd of the Microsoft SDL program. When a new iteration is added to a project, the template helps create security tasks within the SDL.

In addition, the Agile template enables the SDL to check Visual Studio projects and website coding within the Agile source control repository. The template will also give the SDL the ability to create new requirements for ongoing projects.

The tool is available in beta, and Ladd said Microsoft would accept feedback and make changes to the process until the full release, which is expected by the end of the second quarter.

 
 
123

Similar

Related Articles

Add comment

Post a Comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <img /> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <embed> <object> <strike> <caption>
  • Lines and paragraphs break automatically.
  • Use <!--pagebreak--> to create page breaks.

More information about formatting options

 

Similar

Related Articles

knowledge_central_tab

 
 
Knowledge Central
Today's top security priorities
Attacks based on vulnerabilities in websites are skyrocketing, and not many solutions are available to protect organizations against them. How do you deal with this and other key security issues today?
Taking a holistic business-centric approach to security
Today’s CIOs face multiple challenges, including the need to innovate in an extremely competitive business climate, address highly dynamic regulatory and compliance challenges, speed ROI to counter shrinking IT budgets, and secure their organizations against a wide barrage of sophisticated threats.
 
 
 
UTM product offers Logansport Savings Bank superior protection
Astaro Security Gateway’s IPS was able to block attacks that other intrusion prevention systems (IPS) missed at Logansport Savings Bank.
Hong Leong Financial opts for Juniper Networks at new Malaysia head office, data center
Hong Leong Financial Group Berhad builds complete and seamless data center and office network infrastructure with Juniper switches, security devices and Junos software.
 
 
 

Recent popular content

Most Read
Federal government may step in to ensure privacy protection
UTM product offers Logansport Savings Bank superior protection
Top 10 tips for protecting sensitive data from malicious insiders
Healthcare personnel insist on social networking access
Virtual patching makes an impact on RSA conference

Site map
Search Security Asia
About Us
Print/Digital Subscription
Sales
Feedback
Security Tips
Expert Opinions
Research
White Papers
Case Studies

Blogs
Topics
Application security
Disaster recovery and business continuity
Identity management and access control
Information security careers, training and certifications
Topics
Network and Internet Security
Security best practices
Security threats
Surveillance and facilities management
Media
Videos
Podcasts
Webcasts
News
RSS