Microsoft Announces Beta Security Development Lifecycle Templates

Microsoft is releasing a beta of a free, downloadable template for applying Security Development Lifecycle (SDL) methodology to the Microsoft Solutions Framework (MSF) for Agile Software Development process. The MSF for Agile Software Development plus SDL Process Template for Visual Studio Team System 2008 lets developers integrate the SDL-Agile secure development methodology directly into the Visual Studio development environment. A beta template for Visual Studio 2010 will be available shortly after Microsoft releases that product in April. A final release of both templates is currently scheduled for the second quarter of 2010.

With the MSF-Agile+SDL template, any code checked into the VSTS source repository by the developer is analyzed to ensure that it complies with SDL secure development practices. The template also automatically creates workflow tracking items for manual SDL processes such as threat modeling to ensure that these important security activities are not accidentally skipped or forgotten. Finally, the template integrates with the other SDL tools, including the SDL Threat Modeling Tool, the BinScope Binary Analyzer, and MiniFuzz.

The new templates are similar in concept to the SDL Process Template Microsoft released in 2009. The key difference is that the MSF Agile + SDL template follows the SDL-Agile process instead of the SDL-Classic process. The MSF Agile + SDL template also has some unique new features to accommodate the requirements of SDL-Agile, such as the following:

  • Automatic generation of new targeted work items in response to the user checking in code. For example, if the user checks in a C++ project, the template will automatically add the appropriate SDL requirements concerning C++ security. Or if the user checks in C# code for a Web site, the template will add requirements for .NET Web security.
  • Automatic generation of new work items in response to the user creating new sprints. Given that Agile projects can live forever (as in the case of cloud services with no defined end date), these projects need to periodically re-complete SDL requirements. This process is defined in the SDL-Agile process guidance and is implemented in the MSF Agile + SDL template.

The new templates are targeted at users of Visual Studio Team System 2008 Team Foundation Server or Visual Studio 2010, including developers, testers, architects, project managers and development managers.
