Microsoft Tries to Boost SDL Adoption

Microsoft is trying to boost adoption of the software security practices in its Security Development Lifecycle by releasing a revised set of instructions to make implementation of the process easier and faster.

At the Black Hat DC conference on Tuesday, the company announced the release of its “Simplified Implementation of the Microsoft SDL” paper, as well as a template designed to help developers integrate Microsoft’s SDL, along with the Agile Software Development process, into Visual Studio. That template will enable developers to automatically check all of their code developed in Visual Studio against the SDL framework.

Microsoft has been pushing the need for more secure software development practices for several years, but some organizations have said that the company’s SDL model is too difficult and expensive to implement, and doesn’t fit into their organization’s development structure. So the company is releasing the simplified description of the SDL implementation process in an effort to get more developers on board.

“The process outlined in this paper sets a minimum threshold for SDL compliance. That said, organizations aren’t uniform – development teams should apply the SDL in a way that is suitable to the human talent and resources available, but doesn’t compromise organizational security goals,” the company said in the SDL paper.

The paper defines various roles for people involved in the SDL process, and lays out required and optional SDL activities, as well as a five-phase process from requirements through release.