Blog dedicated to the study of Information Security - Privacy - Computer Security - IT Auditing.
(A compilation of the main news, events, security policies, best-practice guides, norms, standards, tools, and more)
Tuesday, April 6, 2010
Microsoft Security Development Lifecycle (SDL) Version 5
A new version of the Microsoft Security Development Lifecycle (SDL) Process Guidance is now accessible on MSDN and available via the Microsoft Download Center. Developers interested in securing their software using the same methods as the Redmond company can take advantage of SDL version 5.0 online, or download the resource for usage in offline scenarios. The download offered by the software giant is designed to illustrate the process guidance applied to bulletproof Microsoft products and technologies including Windows 7 and Office 2010.
Following the release of Windows Vista, Microsoft warned developers of third-party Windows applications that attackers would increasingly use their products as attack vectors, as the security bar for the OS was raised considerably through SDL. The Redmond company subsequently opened up SDL to all devs, in the hope that the entire software ecosystem built around Windows could benefit from the same security focus during the development process as the platform itself.
For those unfamiliar with SDL, the Microsoft Security Development Lifecycle is a collection of security and privacy resources such as requirements and recommendations that the company applies to increase the level of protection of its own users. Jeremy Dallman, security program manager, Security Development Lifecycle Team, enumerated the changes introduced in the SDLv5 documentation:
1. SDL for Agile included: The largest change in SDLv5 is the inclusion of SDL for Agile Development as an Addendum at the end. We took the SDL-Agile guidance that was published in November 2009 and included it in the parent SDL document to make it a one-stop resource.
2. New and updated security requirements and recommendations
Requirements Phase (1 new) - New Requirements: Include third-party code licensing security requirements in all new contracts.