Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Microsoft juices Visual Studio with secure coding tools

Software giants says it will integrate Visual Studio development tools and its secure applications processes

Microsoft Tuesday said it will deepen ties between its Visual Studio development tools and the secure applications development processes first developed inside the company and now available to outsiders.

Microsoft will upgrade its Security Development Lifecycle (SDL) process with templates, new partners and supporting documentation. The company made the announcement at the Black Hat Conference taking place in Washington, D.C.SDL, which was born from a 2002 Bill Gates mandate on secure code, is a process Microsoft has used since 2004 to develop software.

The process includes development of threat models during software design, the use of code-scanning tools during implementation, and code reviews and security testing.

Microsoft Tuesday said it would shortly release a beta of a template for rapid applications development that works with Visual Studio Team System 2008/Team Foundation Server and integrates SDL with the Microsoft Solutions Framework (MSF) and Agile development practices. Agile development is based on process management with multiple check-ups on the work along the way. The final release will come before the end of June.

The template automatically creates workflow items to meet SDL security requirements each time code is checked in to the server. There is also an analyzer feature to ensure code meets SDL guidelines.

In addition, Microsoft has created a Reader's Digest version of the implementation guidelines for the SDL, focusing on the fact that SDL applies beyond Windows and shrink-wrapped software and does not require Microsoft specific tools.

Microsoft also said it was expanding its lineup of partners that help users implement SDL, including a new tools category. New for the tools category are Fortify, Veracode and Codenomicon, the new training member is Safelight Security Advisors and the new consulting members are Booz-Allen Hamilton, Casaba Security and Consult2Comply.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Agile, Bill, Booz, Comply, Microsoft, SDL
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: agile, Microsoft, visual studio
Latest Blog Posts
Whitepapers
  • Virtualise, Manage, Backup, Consolidate
    Datacenter sprawl is one of the larger challenges that datacenter managers are facing today. Over time, applications, servers, and storage can create many unique architectures across the IT infrastructure. This can introduce complexity, increase costs, and compromise business-critical application performance and availability. Read on.
    Learn more »
  • Endpoint Buyers Guide
    In this Endpoint Buyers Guide, we examine the top vendors according to market share and industry analysis: Kaspersky Lab, McAfee, Sophos, Symantec and Trend Micro. Each vendor’s solutions are evaluated according to: Product features and capabilities, Effectiveness, Performance, Usability, Data protection and Technical support.
    Learn more »
  • CSO Security Buyers Guide 2011
    Welcome to the 2011 /2012 CSO Security Buyers Guide CSO is keeping security professionals ahead of the evolving threats and challenges to their businesses. This resource for security professionals assists you in finding leading IT security vendors by their products and solutions. Happy Browsing! The 2011 CSO Buyers Guide team
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments