Apr 28, 2011 12:01 GMT

A free collection of resources from Microsoft is available to customers looking for a starting point for integrating the company’s Security Development Lifecycle (SDL) practices into their own software development process. Templates for SDL Practices are now live on the Download Center, available under a Creative Commons license.

Of course, those already familiar with the Redmond company’s shared SDL resources know that the documentation offered has always been accompanied by a CC license.

“One of the big questions we faced early at Microsoft and are now hearing again as more companies of all sizes start to adopt the SDL in their own organizations is ‘How do I [insert SDL practice or process activity]’,” revealed Jeremy Dallman, security program manager, Security Development Lifecycle Team.

“Most frequently, these questions are specifically talking about the SDL practices that cannot be addressed with tools and are more process-oriented or thought-based.”

The SDL Practices Templates include documents that Microsoft itself used when it was beginning to embrace Security Development Lifecycle practices.

In this regard, Dallman notes that the new collection of SDL documentation was shared with third-party software developers because it was found to help them build more secure products.

By downloading the resources offered, customers can gain insight into Defining Security Requirements; Creating a Security Bug Bar; Performing a Security Risk Assessment; Conducting a basic threat model; Managing SDL Exception Requests; and Performing a Final Security Review.

Devs can either download the documents one by one or grab all of them at once through the .ZIP archive provided by the software giant.

“Please put them to use in their default form (without edits), as templates to modify/customize for your unique needs, or simply as a catalyst for brainstorming and creating your own documents. The goal is to help you accelerate implementation of the SDL practices and gather valuable security information about your projects,” Dallman added.