Microsoft Security Development Lifecycle (SDL) Guidance Available
Microsoft has released Security Development Lifecycle (SDL) Guidance.
Microsoft is making the details of the SDL process generally available online for the first time. IT policy makers and software development organizations can leverage this content to enhance and inform their own software security and privacy assurance programs.
Below is the Table of Contents from the available document.
Introduction 3
Stage 0: Education and Awareness 9
Stage 1: Project Inception 11
Stage 2: Cost Analysis 13
Stage 3: Design Phase: Establish and Follow Best Practices for Design 15
Stage 4: Design Phase: Risk Analysis 18
Stage 5: Implementation Phase: Documentation and Tools for Users that Address Security and Privacy 20
Stage 6: Implementation Phase: Establish and Follow Best Practices for Development 22
Stage 7: Verification Phase: Security and Privacy Testing 24
Stage 8: Verification Phase: Security Push 26
Stage 9: Pre-Release Phase: Public Release Privacy Review 29
Stage 10: Release Phase: Response Planning 30
Stage 11: Release Phase: Final Security Review and Privacy Review 32
Stage 12: Release Phase: RTM/RTW 35
Stage 13: Post-Release Phase: Response Execution 36
Appendix A: Privacy at a Glance 37
Appendix B: Security Definitions for Vulnerability Work Item Tracking 38
Appendix C: SDL Privacy Questionnaire 40
Appendix D: A Policy for Managing Firewall Configurations 43
Appendix E: Required and Recommended Compilers, Tools, and Options for All Platforms 47
Appendix F: SDL Requirement: No Executable Pages 53
Appendix G: SDL Requirement: No Shared Sections 56
Appendix H: SDL Standard Annotation Language (SAL) Recommendations for Native Win32 Code 57
Appendix I: SDL Requirement: Heap Manager Fail Fast Setting 61
Appendix J: SDL Requirement: Application Verifier 64
Appendix K: SDL Privacy Escalation Response Framework (Sample) 66
Appendix L: Glossary 68
Appendix M: SDL Privacy Bug Bar (Sample) 70
Appendix N: SDL Security Bug Bar (Sample) 74
Appendix O: Security Plan (Sample) 79
You can download it here.