Microsoft Security Development Lifecycle (SDL) Guidance Available

Microsoft has released Security Development Lifecycle (SDL) Guidance.

Microsoft is making the details of the SDL process generally available online for the first time. IT policy makers and software development organizations can leverage this content to enhance and inform their own software security and privacy assurance programs.

Below is the Table of Contents from the available document.

Introduction
Stage 0: Education and Awareness
Stage 1: Project Inception
Stage 2: Cost Analysis
Stage 3: Design Phase: Establish and Follow Best Practices for Design
Stage 4: Design Phase: Risk Analysis
Stage 5: Implementation Phase: Documentation and Tools for Users that Address Security and Privacy
Stage 6: Implementation Phase: Establish and Follow Best Practices for Development
Stage 7: Verification Phase: Security and Privacy Testing
Stage 8: Verification Phase: Security Push
Stage 9: Pre-Release Phase: Public Release Privacy Review
Stage 10: Release Phase: Response Planning
Stage 11: Release Phase: Final Security Review and Privacy Review
Stage 12: Release Phase: RTM/RTW
Stage 13: Post-Release Phase: Response Execution
Appendix A: Privacy at a Glance
Appendix B: Security Definitions for Vulnerability Work Item Tracking
Appendix C: SDL Privacy Questionnaire
Appendix D: A Policy for Managing Firewall Configurations
Appendix E: Required and Recommended Compilers, Tools, and Options for All Platforms
Appendix F: SDL Requirement: No Executable Pages
Appendix G: SDL Requirement: No Shared Sections
Appendix H: SDL Standard Annotation Language (SAL) Recommendations for Native Win32 Code
Appendix I: SDL Requirement: Heap Manager Fail Fast Setting
Appendix J: SDL Requirement: Application Verifier
Appendix K: SDL Privacy Escalation Response Framework (Sample)
Appendix L: Glossary
Appendix M: SDL Privacy Bug Bar (Sample)
Appendix N: SDL Security Bug Bar (Sample)
Appendix O: Security Plan (Sample)

You can download it here.
