Paul Krill
Editor at Large

Microsoft links security guidelines to agile development

Feb 2, 2010

New template links Security Development Lifecycle methodology to agile software development projects built with Visual Studio


Microsoft on Tuesday released a template for applying its Security Development Lifecycle (SDL) methodology to agile software development projects built with the Visual Studio development environment.

The downloadable template, offered in a beta release, enables developers to apply SDL to the Microsoft Solutions Framework (MSF) for Agile Software Development process.

[ Also on InfoWorld: Microsoft last year offered security guidelines for melding SDL with agile processes. ]

“The MSF for Agile Software Development plus SDL Process Template for Visual Studio Team System (VSTS) 2008 lets developers integrate the SDL-Agile secure development methodology directly into the Visual Studio development environment,” a Microsoft representative said in an email.

The MSF+Agile+SDL template lets code checked into the VSTS source repository be analyzed to ensure it complies with SDL secure development practices. Workflow tracking items are created for manual SDL processes such as threat modeling to ensure that security activities are not accidentally skipped or forgotten, according to Microsoft.

A beta template applying the agile and SDL process to the Visual Studio 2010 software development process will be offered shortly after the platform is released in April. Final releases of both templates are due in the second quarter of this year.

Microsoft also is offering a white paper that explains how SDL can be implemented with limited resources and applied to other platforms.

Microsoft on Tuesday also said it will expand its SDL Pro Network, which was set up in 2008. Pro Network members are security specialists who offer services for adopting SDL. Specifically, Microsoft will announce a Tools membership category to complement the Consulting and Training categories. Tools members are companies that can deploy security tools, such as static analysis tools for the implementation phase of SDL and dynamic and binary analysis tools for the SDL verification phase.


Paul Krill is editor at large at InfoWorld. Paul has been covering computer technology as a news and feature reporter for more than 35 years, including 30 years at InfoWorld. He has specialized in coverage of software development tools and technologies since the 1990s, and he continues to lead InfoWorld’s news coverage of software development platforms including Java and .NET and programming languages including JavaScript, TypeScript, PHP, Python, Ruby, Rust, and Go. Long trusted as a reporter who prioritizes accuracy, integrity, and the best interests of readers, Paul is sought out by technology companies and industry organizations who want to reach InfoWorld’s audience of software developers and other information technology professionals. Paul has won a “Best Technology News Coverage” award from IDG.
