Security Tools Due for Microsofts Whidbey Visual Studio
As part of his keynote at the conference, Microsoft chairman and chief security architect Bill Gates laid out the Microsoft security vision, including technologies that will be rolled into Windows over the coming months and even years. The new capabilities include dynamic system protection and a caller ID system for e-mail.
Part of that vision includes tools to help developers build secure code. And to that extent Microsoft will be including new tools out of Microsoft Research in the upcoming release of Microsoft Visual Studio, code-named Whidbey, Gates said.
Among the tools going into Whidbey will be Prefast, Prefix and FxCop, which will provide static security-defect-detection, prevention, and mitigation capabilities for unmanaged and managed code, Microsoft officials said.
Prefix is a defect-detection tool that will perform static analysis on code to find errors like memory leaks and other problems.
Prefast will be a lighter-weight program analysis tool for detecting defects via static analysis. Prefast gives an XML description of each defect, with information about the effect if the defect, hypothesis of the cause, severity, examples and documentation.
Meanwhile, FxCop is a code analysis tool that checks .Net-managed code assemblies for conformance to the Microsoft .Net Framework design guidelines, the company said.
Also at the conference, Gates highlighted the availability of the Security Scenarios Working Group draft for public review.
The Security Scenarios document, developed by the Web Services Interoperability Organization (WS-I) Security Profile Working Group, identifies security challenges and threats in building interoperable Web services and proposes countermeasures for these risks, Microsoft and WS-I officials said.
Paul Cotton, Microsofts program manager of XML standards, chairs the WS-I Security Profile Working Group.