Jan 28, 2011 11:34 GMT

Microsoft is providing third-party developers with additional guidance to further simplify the adoption of Security Development Practices in their software projects.

The Redmond company has put together and made available for download the Microsoft Simplified SDL Practices spreadsheet, offered through the SDL blog (direct link here).

Devs that have looked into embracing the collection of development best practices that helped Microsoft bulletproof products such as Windows 7 and Office 2010 might already be familiar with the “Simplified Implementation of the Microsoft SDL,” available here.

Well, the “Simplified Implementation of the Microsoft SDL” was the starting point for the Microsoft Simplified SDL Practices spreadsheet.

A member of the SDL team revealed that the goal with the spreadsheet was to put together actionable implementation guidance.

“To accomplish this, we assigned a numeric designation to each SDL Phase and Practice then filled in the supporting guidance for each activity in the Implementation Details section,” the SDL team representative added.

“These Implementation Details were copied directly from the Simplified SDL paper to retain the platform-independent nature of the SDL. In the practices where platform-specific guidance is widely used, we chose to append that information as Additional Notes.”

However, the Simplified SDL Practices spreadsheet is still designed to be used in concert with the Simplified SDL Practices spreadsheet documentation.

Microsoft is in fact encouraging third-party developers to use the two resources in tandem in order to tailor the security best practices for software development to the specific needs of their organization and to their workflow management process.

“We have found that this task-oriented structure, built in a simple Excel spreadsheet, has become useful in some of our new documentation.

“We thought it might also be useful to share that simple Excel spreadsheet to simplify importing and adopting the 16 security practices of the SDL in your organization,” the SDL team member added.