Microsoft updates its software development best practices to support secure cloud environments

12 November 2009

According to Steve Lipner, senior director of security engineering strategy with Microsoft Trustworthy Computing Group, software development and secure cloud environments are all about best practice.

Lipner - the co-creator of the Security Development Lifecycle (SDL), which Microsoft has been using internally since the early part of the decade - told Infosecurity that the software giant is keen to get its partners to adopt the best practices, which it has enshrined in a guide for programmers.

The guide is essentially a template for development that uses a so-called Agile development tool.

The term 'Agile software development' dates back to 2001, when the Agile Manifesto was created. It seeks to have software developers collaborate more effectively and so dramatically shorten code development cycles to 60 days or less.

Microsoft is now offering developers access to the Security Development Lifecycle for Agile Development Version 4.1a - a model for Agile developers to integrate the Security Development Lifecycle into their development processes.

Lipner said that the guidelines explain the frequency of threat modelling, static analysis, upgrading compilers, and fuzzing, for example.

If you're a developer, the good news is that Microsoft won't force you to adopt this new best practices model, but, if your products end up in a Microsoft box somewhere along the line, the company will be "encouraging" you to do so.

It's actually a positive thing, Lipner told Infosecurity, as compliance with the code development model will help programmers ensure their applications are secure whilst maintaining the ability to customise their security implementation in a way that suits them best.

The code development model supports cloud applications, and Microsoft - to encourage code developers to come onside - has published a white paper entitled Security Considerations for Client and Cloud Applications.

According to Lipner, the paper details the security issues surrounding the client and cloud computing, and what Microsoft has done to advance the Security Development Lifecycle to address them.

"With the cloud you should think about SDL and not just application development security, but also the operational security issues on top of that", he said.
