Microsoft updates its software development best practices to support secure cloud environments

Lipner - the co-creator of the Security Development Lifecycle (SDL), which Microsoft has been using internally since the early part of the decade - told Infosecurity that the software giant is keen to get its partners to adopt the best practices, which it has enshrined in a guide for programmers.

The guide is essentially a template for development that uses a so-called Agile development tool.

The term `Agile software development' dates back to 2001 when the Agile manifesto was created and seeks for programme developers to collaborate more effectively and so dramatically shorten code development cycles to 60 days or less,

Microsoft is now offering developers access to the Security Development Lifecycle for Agile Development Version 4.1a - a model for Agile developers to integrate the Security Development Lifecycle into their development processes.

Lipner said that the guidelines explain the frequency of threat modelling, static analysis, upgrading compilers, and fuzzing, for example.

If you're a developer, the good news is that Microsoft won't force you adopt this new best practices model, but, if your products end up in a Microsoft box somewhere along the line, the company will be "encouraging" you to do so.

It's actually a positive thing, Lipner told Infosecurity, as compliance with the code development model will help programmers ensure their applications are secure whilst maintaining the ability to customise their security implementation in a way that suits them best.

The code development model supports cloud applications, and Microsoft - to encourage code developers to come onside - has published a white paper entitled Security Considerations for Client and Cloud Applications.

According to Lipner, the paper details the security issues surrounding the client and cloud computing, and what Microsoft has done to advance the Security Development Lifecycle to address them.

"With the cloud you should think about SDL and not just application development security, but also the operational security issues on top of that", he said.

What’s Hot on Infosecurity Magazine?