Microsoft wants to speed adoption of its security development lifecycle (SDL), starting with the release of a free SDL Process Template that is integrated with the Visual Studio Team System. The company also announced additions to its SDL Pro Network and updates to the SDL process.
Microsoft wants to bring
its secure development lifecycle to an application near you.
In a series of announcements, the
company laid out a path today to speed the adoption of its security
development lifecycle (SDL) in the developer community. For starters, the
company has released version 1.0 of the SDL Process Template for free and
integrated it with the Visual Studio Team System.
In the face of growing security
risks, software
developers should leverage Microsoft's freely available SDL programs and
tools to improve the security and privacy of their applications early on and
throughout the development lifecycle, explained David Ladd, principal security
program manager of Microsoft's Security Development Lifecycle team, in an
e-mail.
Part of Microsoft's Trustworthy
Computing effort, the SDL is a process Microsoft developed over the
years to provide customers with high-quality and rigorously tested
software. In addition to engineer training, the SDL encompasses a systematic
series of mandated security- and privacy-focused activities such as threat
modeling, the use of static analysis code-scanning tools during implementation
and security and privacy testing. During the release phase, the SDL also
includes response planning, release archive activities and final security review.
The template's integration
with Visual Studio Team System (VSTS) is meant to create what Ladd called
a "direct line to the developers creating many of the applications used by
consumers today." VSTS offers development teams an integrated set of
tools for application architecture, design, development and testing. Beyond
that, the template also accommodates third-party tools that work with Team
Foundation Server.
Taken together, VSTS and Team
Foundation Server provide a framework for managing software used by program
managers, developers and testers working together on a project, Ladd said.
By integrating the SDL into this
framework, each of those project roles can leverage the SDL components to
easily implement a proven security assurance process, he added.
The template automates the
creation of base SDL requirements and recommendations, and includes guidance
for SDL as a how-to for users. In addition, it provides auditable security
reports that can be used to verify whether SDL requirements were met prior to a
product's release.
In addition to the template,
Microsoft also released today the SDL Version 4.1 documentation, which
updates previous SDL requirements and recommendations and guidelines for
line-of-business application development. The company also announced that
the SANS Institute and the Science Applications International Corp. (SAIC) have
joined Microsoft's SDL Pro Network.