Skip Links

Microsoft juices Visual Studio with secure coding tools

Microsoft security templates, tools aimed at secure code

By , Network World
February 02, 2010 04:09 PM ET

Network World - Microsoft Tuesday said it will deepen ties between its Visual Studio development tools and the secure applications development processes first developed inside the company and now available to outsiders.

11 security companies to watch

Microsoft will upgrade its Security Development Lifecycle (SDL) process with templates, new partners and supporting documentation. The company made the announcement at the Black Hat Conference taking place in Washington, D.C.
SDL, which was born from a 2002 Bill Gates mandate on secure code, is a process Microsoft has used since 2004 to develop software.

The process includes development of threat models during software design, the use of code-scanning tools during implementation, and code reviews and security testing.

Jon Oltsik commentary: Microsoft's SDL progresses

Microsoft Tuesday said it would shortly release a beta of a template for rapid applications development that works with Visual Studio Team System 2008/Team Foundation Server and integrates SDL with the Microsoft Solutions Framework (MSF) and Agile development practices. Agile development is based on process management with multiple check-ups on the work along the way. The final release will come before the end of June.

The template automatically creates workflow items to meet SDL security requirements each time code is checked in to the server. There is also an analyzer feature to ensure code meets SDL guidelines.

In addition, Microsoft has created a Reader's Digest version of the implementation guidelines for the SDL, focusing on the fact that SDL applies beyond Windows and shrink-wrapped software and does not require Microsoft specific tools.

Microsoft also said it was expanding its lineup of partners that help users implement SDL, including a new tools category. New for the tools category are Fortify, Veracode and Codenomicon, the new training member is Safelight Security Advisors and the new consulting members are Booz-Allen Hamilton, Casaba Security and Consult2Comply.

Follow John on Twitter: twitter.com/johnfontana

This story, "Microsoft juices Visual Studio with secure coding tools," was originally published at NetworkWorld.com. Follow the latest developments in software at Network World.

Read more about software in Network World's Software section.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News