Microsoft Tool for Secure Development Will it work?Microsoft recently developed a Security Development Lifecycle (SDL) tool responsible for assisting programmers to integrate the knowledge amassed through SDL into their software development environment. SDL is the corporation's patented process that ensures your applications are as secure and error-free as possible. SDL is a very important part of all the software and operating systems developed by the company since 2004. Therefore, the company has opted to release an SDL Process Template tool for the Visual Studio Team System that maps SDL 4.1 in its totality. Microsoft allowing developers to easily perform secure developmentAccording to a report that Glenn Pittaway (the Group Program Manager for the SDL team) submitted to Heise Security, the source code must be present in Visual Studio in order for the template to be of any use. Regardless, he acknowledges that Microsoft has done everything in its power to make the tool as simple as possible for Visual Studio Team System developers to adopt SDL. Even programmers lacking certain security skills should, says Pittaway, be able to write secure code using the process. He noticed that Microsoft's SDL 4.1 has fervently focused on online applications. However, web services and local applications that are continuously or regularly connected online compel a whole new set of security requirements. Consequently, the SDL development team has placed a strong emphasis on that particular area of improvement. With SDL's help, generating reports and statistics that can be used to examine the performance of external bug-detecting applications is a relative breeze. |