With new resources

Feb 3, 2010 15:03 GMT

Microsoft is using Black Hat DC as the stage to introduce new resources for third-party developers who want to embrace the security assurance process that helped it deliver additional protection to end users via all products past Windows Vista, Windows 7 included. To this end, the Redmond company announced the availability of a downloadable template designed to enable developers to apply the Security Development Lifecycle (SDL) methodology to the Microsoft Solutions Framework (MSF) for the Agile Software Development process.

The first public Beta of the new MSF for Agile Software Development plus SDL Process Template for VSTS 2008, referred to as “MSF-A+SDL,” has already been released. Microsoft revealed that it planned to deliver the final version of the template in the second quarter of 2010. The offering will also be tailored to the next iteration of Visual Studio, namely VS 2010, but only after that version of the company’s development platform is launched to customers on April 12, 2010.

The new resource offered by the software giant is similar to the SDL Process Template delivered in 2009, and is set up to streamline the integration of the SDL-Agile secure development methodology into the Visual Studio Team System (VSTS) development environment. By leveraging the MSF-Agile+SDL template, developers make sure that code from the VSTS source repository is in line with the SDL secure development practices.

A member of the SDL team emphasized a few new features of the template:

“- Automatic generation of SDL task work items for new iterations. Given that Agile projects can live forever (as in the case of web applications or cloud services with no defined “end date”), these projects need to periodically re-complete SDL requirements as defined in the SDL-Agile process. The MSF-A+SDL template accomplishes this by creating new security tasks for the project whenever a user adds a new iteration.

- Automatic generation of SDL task work items for new code. Whenever new Visual Studio projects or web sites are checked into an MSF-A+SDL project’s source control repository, the template will generate new SDL requirements appropriate to that project. For example, if the user creates a new C# web site, the template will add requirements such as disabling ASP.NET tracing, and applying the AntiXss library.”