Microsoft enhances SDL

Microsoft has developed a white paper explaining a simplified way to implement the SDL. Many developers avoid secure development practices because they think these will cost too much and require huge resources, Microsoft said. They also put off adopting Microsoft’s SDL because they believe it is exclusively for the Microsoft platform. The simplified implementation white paper explains how to implement the SDL on other platforms and with limited resources.

Microsoft also released the beta version of its Solutions Framework for Agile Software Development plus Security Development Lifecycle (MSF Agile + SDL) Process Template for Visual Studio Team System (VSTS) 2008. Full release is scheduled for the end of the second quarter.

The template analyzes code checked into Visual Studio to make sure that it complies with SDL best practice. It also tracks workflow for manual SDL processes, such as threat modeling, Microsoft said.

The MSF Agile + SDL process template for Visual Studio 2010 will also be released shortly after Microsoft releases Visual Studio 2010 (currently scheduled for April 2010).

The company has created a new Tools category of membership that will complement the existing Consulting and Training membership categories. Tools members are companies that are able to deploy a range of security tools within the SDL.

In addition, seven new members are joining the network. Fortify, Veracode, and Codenomicon are now tools members. Booz-Allen Hamilton, Casaba Security and Consult2Comply are consulting members, while Safelight Security Advisors joined as a training member.
