Microsoft Tool for Secure Development Will it work?
Microsoft recently developed a Security Development Lifecycle (SDL) tool responsible for assisting programmers to integrate the knowledge amassed through SDL into their software development environment.
SDL is the corporation's patented process that ensures your applications are as secure and error-free as possible.
SDL is a very important part of all the software and operating systems developed by the company since 2004.
Therefore, the company has opted to release an SDL Process Template tool for the Visual Studio Team System that maps SDL 4.1 in its totality.
Microsoft allowing developers to easily perform secure development
According to a report that Glenn Pittaway (the Group Program Manager for the SDL team) submitted to Heise Security, the source code must be present in Visual Studio in order for the template to be of any use. Regardless, he acknowledges that Microsoft has done everything in its power to make the tool as simple as possible for Visual Studio Team System developers to adopt SDL. Even programmers lacking certain security skills should, says Pittaway, be able to write secure code using the process.
He noticed that Microsoft's SDL 4.1 has fervently focused on online applications.
However, web services and local applications that are continuously or regularly connected online compel a whole new set of security requirements.
Consequently, the SDL development team has placed a strong emphasis on that particular area of improvement.
The template allows each job (such as fixing an error in the source code) to be assigned to a specific person or team.
Also, SDL makes it easy to keep track of the progress of any undertaking.
With SDL's help, generating reports and statistics that can be used to examine the performance of external bug-detecting applications is a relative breeze.