|
|
|
Microsoft Beefs Up Security Development Lifecycle
By: Darryl K. Taft
2008-09-16
Article Rating: / 3
There are 1 user comments on this Network Security & Hardware story.
Microsoft Beefs Up Security Development Lifecycle (
Page 1 of 2 ) Microsoft has evolved its Security Development Lifecycle (SDL) to help developers better address security in the design and development phases of the application lifecycle. In addition, Microsoft is delivering an SDL optimization model, a new SDL service provider network and a new threat modeling tool.In light of continuing and progressively more pernicious security threats heading into the application stack, Microsoft is evolving its Security Development Lifecycle and providing services, support and tools around it to help enterprises build more secure applications starting at the design and development phase.
Steve Lipner, Microsofts senior director of security engineering strategy, said the SDL is a software security assurance process that has helped to embed security and privacy in Microsoft software and culture. The SDL is Microsoft's software security assurance process, which has been a Microsoft-wide initiative and a mandatory policy since 2004, And the SDL has led Microsoft to security improvements in flagship products such as Windows Vista and SQL Server.
Lipner said as part of its commitment to supporting a more secure and trustworthy computing ecosystem, Microsoft is making SDL process guidance, tools and training available for every developer. So Microsoft is sharing its SDL concepts with ISVs (independent software vendors), partners and customers with the objective of improving the security and privacy of the entire computing ecosystem. One way Microsoft plans to do this is through its new SDL Optimization Model. And the company also is finalizing a new SDL partner program and a threat modeling tool, all of which will be released in November.
"Enterprises aren't really focusing on security during development," Lipner told eWEEK. "So what we want to do is push that consideration of security back into development. Fixing bugs and problems is a lot easier to do in development than it is after a product is completed."
So Microsoft is providing its SDL Optimization Model to enterprises. "The SDL Optimization Model is a maturity model to let organizations self-assess how they are doing with security practices," Lipner said. "It gives you a way to look at what you're doing and think about what you might be doing next."
The Microsoft SDL Optimization Model was created to facilitate gradual, consistent and cost-effective implementation of the SDL in development organizations outside of Microsoft. The SDL Optimization Model shows an organization's security at one of four levels: Basic, Standardized, Advanced or Dynamic. At the basic level, security is reactive; at the standardized level, security is proactive; at the advanced level, security is integrated; and at the dynamic level, security is specialized.
Moreover, to aid in adoption, the Microsoft SDL Optimization Model is grouped into five capability areas that help assist with budgeting, planning and staffing efforts associated with software development. These areas are: Training, policy and organizational capabilities; requirements and design; implementation; verification; and release and response.
|
|
�������x}iw㶲�D�wgv>-ucY};gP$$1H]LS��Ji'mK�X�
P(|Ggo�D.\ݴ1ܦd���轿O$w�}��L9UQ#C3W)9bPg�34mzΠN@\��~}@^cfw��D%x�_'Щ=ѩ�wɄZIP�Qߗ>}^~l��.prL⎲Q�m5x�uGѦ�%yC�DR�ɏ�m@|#�ַ(>r@ߨ�V�ANé-}!*{�|HJ%h�!�G�Qus?;z'��_h@a5w0NKgxHk�NmW ȓ�ۭ@5l�v�i!rs�!�gߎ�z$fRvn8Gd jI:*�`iTi11܋�]Lч�@ڮ�S.�PVfFԲ;g�uGg�cGMҳ�GCL�H��6=~0[��Q�M�K�.l5ZJP[3'C8:)xA'�ס,jO`U[۾�x�syHf��.j.�9bc�m ͻ�
��Ї@2zz`N8,2訞þ�ʲnMw��Ͱ-6@6#M-jZUQ
b�kG{}rL-g`*sgyÝ5꭛](eU�]ϯr$Q�w;�ܖu`*:n{'Owq@.�{A~A7"�DT)�Jj\(�MDCa�jL�q5 {�PT㍒~7jJV�4E;
KHR�gS$!XI#F/XTU!�[SҺ췮۽�NΏۭ3$oIJ5<�JEӀ�H�Z�vB�,E%M{#gkr>i�>s鐚&�tXAZ|YkU[_nG�_C&wML9��X@.@ש#04ǯhVj5V0z�[PĿ� E/<@'�L[w P3Z$9�2��3=Pru&Sk~�$M�]5Ŧ]`)exFS�$%/^P%P샖_[�2jFt*軤(If0;A0<^f/�_��\@�
1
p1S{"�.Ӱu�irv���ZnV͉*YXYu�jZl�Y?�iQwθqj?^NI{Nk~hUbyƆƇ�j�",�$��uuTSt*Zl:�7RQ�^Tjrk�h��2ud8��İ:AGA�ticšh4έ@7&��h`C}ҍ:L ���{ݣn]='tnYXŞ�*LRVi50C
m�| &>v\�l�8d
((s�ɹw[P&w��z
�JC�ˋ�F`���V��<���2/?>�f�xs݀�ܧP�}-�{`sDoweC���97(�3x?�+1
��Tt�IjKi�S�wӿi
����|kV� S�pć��9E#rQϚX� %<�.�ƲB"57�&�QH OzBneHSy%ew{��RgaE8F2�b5i%nQ/|KĝR48%'1Na�sW|��]Ө5@Ӭ�YK�uooE[�9(�ĿKӺJ�jp -�H#oh��koռE_x�ue8Hi K-C�rB`}.E�6G�h�?40��%Ϳl�]��pZ#>{��+�UVj'G&,m+Vod~4E�iZ\-�}�s4
� �9P��87SJ$l%K�W�w�=hZz
F�<> 7�=`zu3 ?;`3�ǟG
)a!�c$R+}ne�ͨԪP��-�"�|��@(
�K ؈㌡�Uraڏә;�ҢwZ^Sv˦Կ~Fl4]Z#�V!0\0|pD30`,e?C�OM�b^-!z�ɰ\R
�116�D�ȸau-`by��gc�]WѹqH8l�1D:3���`_�npf
Z�*�"�~~~049
�J>f}<~�B+�p��&�L>Fk�wYвJzu6$�T.(J9A�)` N� 2&|h�<|�CH�&,��\$������ ���DrAa T+��c//��'�7]�.��K i?aE�"%1ڣ�s!�a*/W+ \|�;OgjZ(T+1:ʪZ��J:�_V�2�שgQ�!'p<7L�M�"��]մRb-�_��
s*?��,mǤ�|e�4,tn1�a%[>C?9dN@u3 U�s4��NPƫ5_Gd�xYô;9Qo@H�ms11����TowA7�$p5ovթr�Vg�PWt�Y/sO�Yy"
2��2V&OB�(Jh-[r_8�A~�V0u^A##ȫͦ'�kj@'�gcO7)~�}$DC>km�z~L�s��e��U7MBR%%!^ͳ!ӂ�[-�0B�S\r8�kps)p}�/O &PFzMʵ�D�]Rx*+na/ew���S? &i���i q�5�5;fGXh;ɲ6!ڤi��H@kX�Pq+�$eZU
ՂV'�uPpz�]�Fߋ
eRԣo{{k7}óf�A"WP)߭~*�9�WIfT.jZ��l[)Uʹ�>"�4a!`��X>�bxEO��P?l]�Z.+B�vQ�*�s>P�|��ɷo��njC?: +�~W?l)ɡ$ |J�D�A*o����[�/I6]S�0:;_�ݘ`3ax��-$�Qԕº}w>�ƶϺ}i_|>A&�~�?<!o���9o?��{4{cq �À�>"/O[:$#�?\w?^JNCj�gya:dF&{�v�B�,
H
oHzq!s'^y�{{<=m_~;lY?�`�y�Br+~�p:�K%E�;"�˖u�߽�<�rDp�Bj^?\�(d�0
srj^g#6b�L`jX&I�yD#Sk�!�x0E���6D2F�L`ql)LZa"A|)J|
>i^@�� Rr;8%@lb%%hҫoeW!����|D�s`�=C�D!aFCrWkb~�=ZU${ݝ:��h�cIs
��ذq�;eΫ� P|��v�,N��W�3l{Rѵl�d@T7&�]��Z #z�}
H{O�,ik�n;�;=?P.zZĩUrcc�䰎M��l3,�LjDžܳbt�?K.}Ҽ跮Is�09n~%H@Rot#k�5y�ՅO>O�4wX�\/f8!-[wzF]Y�fg
'oc Ǿv/ݻw�~Zؖ[q*A=wC<�R�#K1$�$Z^VP**s攤˞CȔ�X�N�Gƣ�b[�0dƛztI�JGs`̞�xqK7�bR�c8�A�?�'��w.�z@z@pSx�{Zg%QJW=�qM@kjir\"~^YZ�䑼D�qD%��t`�
u�U6�m>=�-3����hL Z6;x6tY��A�AXy� !h79; 91l��Pf�pvn
֘@lll���4�Rbh,r9٦p��r[����0\9f�>m`��\RT=�mIϲ]4�BĹ){$l�N@' 1yxi^�_�? -Kyk��}6�G{ �jzn-ADP]ǾN|<,Z�P� gY$��Lj�Ba�T:XQ�m2's1yaJȂҮ��$A>w量Bl,d5mh t����h/׆�.F�C֏(*aV�j1ԏ֙vV�ۊ��Ck��ܚI*qJMl;�+~dӆ&'%KR$�]q"qe�/.+q�=�VnA`%}`~
��]Hޥ5��<Ud)5�9<;s2C>tJєbb9a߬e >����, �Ǚ��Y
�29Њ�MVJLVgE�hY�mޤwx��?�3�,��BHl3
$-;jU1M�57��o9]#����(KChH9g{io*)M�9c|Ф%"S{�&Td$i �JR&���]{0+�o)3��[cf`�#-$ZD�|)ӔL:�"%xA`˗0
qoAy )%IMˠst��`є�Q��
O3��a���ʜlRI�FH�D�nW"ޗGM$wBcWv7Mٖ
/%W-b�q�cBADX�潃I1
tL �ݪI}�Z/%�L
!�dR$�p�@��e+z�O~uGJUUInKŗԎeNYm�u�0=�&���D�)�gX�# AsLz%UjJVΠP�DI�Q"Y'�L_�Y!�%K>"SOF^�Q��/cOzܴ\"�IoA� ��� U�IBv�tc;Qё-�jƥ�`##-߭p�@0�_DnIJz4U@M[�zS��<-�H�lb�mw��_
w1�&ap�@X'"^[�$��gG륶<1&Z
�|4K�s,˄k\̍ƍ-N�}<<<<_ޣ]hj�X^c{a6A1(#X��_L=~\P|O_R.�Q}�^4�S˘w@Ab[u-)A{eJ8=Q�770�f4�>>R�oE鲻F)#���bx<٭SSP@9OJɯnIY/M�ѧR-��PDk:u�OwӼb,�B6|I�'�>��>Iz�0@/ƋڒN_ŋ^Pȯ�`��
G)��:�pAv�1IB�q�(A_�9$2T.i<-IR'!
|z7JMܱA�6E(!V_�$_$4�0�_hL�'
[9A4��hIhi<-\낥C���QwvA|(,"vl�75��$� I�d(/3�k kݒ*dߵE�9l&T=s����7x��Ԣ��uMƿC��*ŎbX�͠flGy�c=�I!~Ɠ_].<<<<_VUnOm��@-I��3L ,+G�6�/zj{eR~H�{& �� ﺋv��~@q�:Ʈo|i�nte+6.?'
�,=2�S�*tlQ=
�p"IPij��{`��*|ij֠t�]ևw+7XKH�鬺~C�>A $�B8�Ŝ�9%�a����*ifڛrS[/7��NB� Րē�تڗ2Fj �nK�P,D���_ػKw�-�t56y}�a���{Mť�u$���w-cKDHҟ8O�f8¬a52
_gbh(С�f���Sfo|]�#InDu%kPa*|y͑km}m++jw7Fb�(s�҃V[lr]�sb��ş-/z6q#�̝�5!p �_tB/|�˕{[dp=w�.Db
L^6�B(5;6[7oLPHvj}m)kk3"�A�-�[�o�&
6௶eulau*-^�4/{l��ȪhֲƑ=:uRRY,�eeGbr,+˩u3��
z�� ƗY'��[IHg�s;#}f",N�kVt:P25avD�Ko�p
/|pL`I��|`u1
נ 8weQ|^_V"�W-N[�/*`5Tw2$M��[=��-{8S[�xv16D1�P10&KS\O!^j)8�S��ٿgGϼ^;P��`nkC�ƵV�xrz͖�9T7F#�̞D3*
I7!~^c�iW�'2{a3��@�a]I��Y�Uy�fSxUj
vf4}��S�u&߮[y평[D= ?
KD)`G%�vC~3�t'8~/�'�j~h!W:ߜ%8-xs�Q�).�ޯ�o�tN Jv%xrϷ�6��X++F]{N9-0��_~ۘ�P8K[,zťKpf�$5d
_M�,6a�ٽ7)ȁ;[�
��(�яTmSO*�7�s�JN(aږ�ɹ+I#샒=�%h�Z!,Q*Ds�đ*?Ñ:-V��FXz-�7$E�9��D NE��7���wya`<ĒI
r(p#(iLzS^�z2lsq̩Tl��/ZNx}YHkcΩeZE9�>%�Rky�KN�ߥt�c��=731aɑ*B UNz� ytFu�ӊ��*R!Ѥ�F�&
-F55�R9�6<)fFllz^C�`5�olz^CjM` osK� }�+n'-浻sx"(fU'j"qn0uv&V
1�z��1[T�vXʳ�˛u6��W!l�Aƞ}8M/k�瓔K�PIV
ף6:F�̽O$MDF0ƹU�2�i�գY�SйcWVRѪE�r��ˁUv�(ëk\`DG�x&�,TOಈG=yԑ8mxΆJZP-F=bRa
*zd1oM�(ǵxxX �B�{ɯ'ߊ|Q�4 �+cn5X�x̉e3![ �,FC,+^Rc$�W !uNs'sđ�ۋuNhO0B�V`Wlfm?ڒV�o5Jz�(ӘALL@�Gr;caBFX �P':�IoF
KG53?b)m:,=�W0r-�x+jO;k(�L��m5jrGh%�hd�ti<
4�99�
T�TbЭ�B1˪M;InP}sY?e=`
�'�2u/x߹[!VU�%ru�Z�B�_�D�_�-%kf}L`߄>�F�S� .�o
Arj$�p�
?l�@��`m̼@GB�Sxg�&�؛ZWRO����7U\�N�_��_!ݰ�,VI m{7�R[�$y�?ZĮEH����'��qujl_M{a�Ȑ]UQ^[H���ֱ1{�=aZ�?� 8�OF(��� (�]A.;�Bx7t'l.ck°:�?�raqn?D�rБ`�A�1HS�2/5꭛/{JM)`�#}A~b�C:�
�Z1���#F(Є��G#g^q79kN�-i`IkBx$l��x
�D�z��Kq���bZ�Ř!b`7a9=g�1;mf~"eL�Jl/u�z�; +?,P�Y�
�G�3wȣ4ϓ/�}zT�P"bTȆ�]ΰ"�@�[� g
o���
c�n
Q@J ͍$ԇ:�Us�/`�6s}``EP00��a|Lo�ѧ~?]fu:�R��L�"%Ψf�ldaQ(�b:M�u?��}�簈�s)aR;5iV>�NWv�.7xx Zѷptԝs=|ҽ|־l]]/ƙ&hT慾xQ(Xl�%ebvʜTN��Ks!Yx�9�K��xU�"
/�EL�yx&ĵO|ݿ)Qe;̋ QW~4AL�7OO[֖SހVՑt.f53;ژ�oJ�c>s��M�p���4ħ�EO\#4[E�EFPsF/PKF5_/?i�63ʻP(GJ/?��2Od}�,�?��2#\_~5ۧF4��gڗ�vF�?2?C��"�>hF'c~:0N;���o�O���賓A�N�}"^f�(?@?2;P(̘K�̘..ȟn|fȗ+�2�Π�1�1>_?/�1>Ar�ߧ}�}
d�d
M�%u$e!(ofY
�NoT�8�\8^Je�YWa uyQ^�yVV<^`fk�W�x.�rf�e{�9;[?[Nu
CFWT=k /dmMu^k8VҮap_l �_xi�
�+{ʒyH�2�r hxVyd�b�
bye?VP�w;]�CҤ�]�j. {%])W[O'i��kr(s<2g!�gs=U2�6C�{":�QU#�|.y��|e8�Nt7<1 }^fҖ1��.? v�d{r��.�v�)n7�pK|��`
U�75ipq[~|^P�`26UJ`
�z!�J1
=4c֭dK_c(wp E��#Уc�o�w̺H)˘E͛YȌ�*�æȗᄽNگ�!�ā`
�}pTB�Pcoq�
=s]
�YI��4ûPܹ?|I$6VI�2hؐM�ؒ9N-#� N>@OgÙCw�H�Y&38W�"�7�.@c�
dC�!,�x
u0e�
T |0�mG%�`"�>�oє^\C�
N*˗ X֭2\.�|s˸ [2FdX jXJr�
h;9�!V�ɱF?[ >s�R:=bՇ.f"�(�luy9M"�xUh�,0�G1i�v=|�v�^{-HZ~�n�u6F�3.1��A�Ӯ��_u'@��0~|#�>�/�chd1Mk��+c͘Pಁe"} 3
�sTt�|!���,ڍ,Gw��U|ٱs�˜2L1Д8v2COA#t
Ok�e[b |kc'p�'!MX��ou;:SA\W �Cr�⁜0ћsxa_E$z
d|$_Oxƪ~Saxr=F=��з��57d�([|�ӽG�i�zQ�Z`+��슧�~���0qGĶ2C|R4Oepv��Rvc���dLw�9qgS�g _((U@Eqg˫Py
6s6�NAxmѕhOɬ�Ql>-��/#]^D&+8~m=fu�+U�rcd+�{f�:ePEX�l'ᠢW5`/��9H�]3(�n)ZF��1u��VB\
(c��tAL?Qa˟]zTqٮ�7(G,cݴ+`�jk�7E]YtA&G[�0tczoz�N϶pA&}+\�X�I@
qk.-�ua4,Lb9��"[^QI�(`�vX�3�|,@a)5|d��n�~ӧ�4pRaL ��(b[и��Z]LvdzU]�Z-^chX$֬�"�K�0�Gg=��z��k|�XK�z\MkÔ{y0ѕDM1F(ͧ,1�3,@=�փ
LW{څG��Qy6;|���,�ݐW&�Lv"V�7rsh{h۟sT*Ha$��R3 �Ej z.�t3��\04yq�Ba��0SSQ2��J�Ѭd�;j
�9#3N�~p��`\YG��7�^Ekb�~g!g˾t/>�Jz�`�g^VX�vQ��Jeǐy6��x�L�
2V*w�NVtƦ�I21qzRSVs0v&bBmP?-۔̡r&s.#�M�W\e\)ҦG(�F�s+&|Ʒ�R2ұeRZ`l/Z6��+��
|
Network Security & Hardware 
