The resource is available for download free of charge from Microsoft

Feb 3, 2010 11:21 GMT

Microsoft is making it easy for third-party developers to bulletproof their software using the same security assurance process that the company applied when building products such as Windows 7 and Windows Vista. In doing so, the software giant continues on a path it set out on a few years back, when it started sharing resources and guides associated with the Microsoft Security Development Lifecycle (SDL) with the developer community. Developers looking to secure their software with the same range of security activities that Microsoft has used in developing its products, starting with Vista, can take advantage of resources such as the Simplified Implementation of the Microsoft SDL white paper, which can be downloaded from the Microsoft Download Center.

“Because Microsoft created the SDL, some people think they have to have Microsoft-like resources to be able to implement it,” revealed David Ladd, principal security program manager of Microsoft’s SDL Team. “It’s true that we do invest a lot in the SDL, but that’s largely because we have so many products that go through it. This paper sets out how any development team — even teams of eight to 10 developers — can implement the SDL.”

Through the Simplified Implementation of the Microsoft SDL, developers get a brief overview of the Microsoft SDL, along with details on the SDL Optimization Model and on particular security development practices. According to the Redmond company, the white paper was designed to offer a simple framework that gives insight into how to adopt Microsoft security practices in the software development process. Along the way, the documentation can also dispel some of the myths associated with the SDL.

“One of the common misconceptions about the Microsoft SDL is that you have to be an organization the size of Microsoft in order to be able to implement it. Another misconception is that the SDL is only appropriate for Microsoft languages and Microsoft platforms, and that you need to use some other methodology if you’re writing code with Ruby for OS X. The Simplified SDL white paper helps address these misconceptions by explaining how the SDL can be implemented with limited resources and applied to any platform. By outlining a minimum threshold that stays true to the core attributes of the SDL, this paper provides an effective model for building an effective security development lifecycle in any organization,” a member of the SDL team said.