Real World Software Architecture

Real World Software Architecture is dedicated to providing information and experiences from the field of Software Architecture.



Subscribe with RSS or ATOM Add to Google

Links

  • Home Page
  • Real World Software Process Engineering
  • Suggested Reading
  • .NET Dev and Arch Collection
  • SEI Essays on SA
  • Software Architecture
  • Bredemeyer
  • wwisa
  • Product Line Engineering
  • PLEES
  • Software Product Lines
  • MSDN Architecture Center
  • patterns & practices






Wednesday, April 09, 2008

Microsoft Security Development Lifecycle (SDL) Guidance Available

Microsoft has released Security Development Lifecycle (SDL) Guidance.


Click Image for Larger View

Microsoft is making the details of the SDL process generally available online for the first time. IT policy makers and software development organizations can leverage this content to enhance and inform their own software security and privacy assurance programs.

Below is the Table of Contents from the available document.

Introduction 3
Stage 0: Education and Awareness 9
Stage 1: Project Inception 11
Stage 2: Cost Analysis 13
Stage 3: Design Phase: Establish and Follow Best Practices for Design 15
Stage 4: Design Phase: Risk Analysis 18
Stage 5: Implementation Phase: Documentation and Tools for Users that Address Security and Privacy 20
Stage 6: Implementation Phase: Establish and Follow Best Practices for Development 22
Stage 7: Verification Phase: Security and Privacy Testing 24
Stage 8: Verification Phase: Security Push 26
Stage 9: Pre-Release Phase: Public Release Privacy Review 29
Stage 10: Release Phase: Response Planning 30
Stage 11: Release Phase: Final Security Review and Privacy Review 32
Stage 12: Release Phase: RTM/RTW 35
Stage 13: Post-Release Phase: Response Execution 36

Appendix A: Privacy at a Glance 37
Appendix B: Security Definitions for Vulnerability Work Item Tracking 38
Appendix C: SDL Privacy Questionnaire 40
Appendix D: A Policy for Managing Firewall Configurations 43
Appendix E: Required and Recommended Compilers, Tools, and Options for All Platforms 47
Appendix F: SDL Requirement: No Executable Pages 53
Appendix G: SDL Requirement: No Shared Sections 56
Appendix H: SDL Standard Annotation Language (SAL) Recommendations for Native Win32 Code 57
Appendix I: SDL Requirement: Heap Manager Fail Fast Setting 61
Appendix J: SDL Requirement: Application Verifier 64
Appendix K: SDL Privacy Escalation Response Framework (Sample) 66
Appendix L: Glossary 68
Appendix M: SDL Privacy Bug Bar (Sample) 70
Appendix N: SDL Security Bug Bar (Sample) 74
Appendix O: Security Plan (Sample) 79

You can download it here.

posted by tadanderson at 7:17 PM

0 Comments:

Post a Comment

<< Home

Previous Posts

  • New WCSF Visual Studio 2008 and .NET 3.5 Guidance ...
  • Free E-Learning: .NET Framework 3.5 and Visual Stu...
  • Microsoft Patterns and Practices Unity Application...
  • The Personal Software Process (PSP) Body of Knowle...
  • Community Preview of the Enterprise Library 4.0 Av...
  • Emergent Design: The Evolutionary Nature of Profes...
  • New Microsoft Expression Community Web Site Available
  • Welcome back ActiveX (Silverlight the Newest Silve...
  • Breaking the Rules: Apple Succeeds By Defying 5 Co...
  • Has Microsoft Implemented the Software Factory? I ...



Powered by Blogger