| Microsoft’s Security Development Lifecycle |
| Written by GGarza |
| Saturday, 04 February 2012 17:03 |
|
A few posts ago, I wrote about the 10th anniversary of Microsoft's Trustworthy Computing initiative. Now the Security Development Lifecycle (SDL) format is clear. For Microsoft, whose challenge is to lead the software community in ways to combat cybercrime, the SDL is their way of introducing a rational plan to meet that goal. Security managers and enterprises should follow six practices.

Training involves secure design, threat modeling, secure coding and testing, and privacy. All software should meet these initial conditions in order to establish a baseline of operations.

Security Requirements

Then there are security requirements. These issues should be addressed upfront and not as an afterthought. If the security element is considered upfront, the design will be different than if it were added as an afterthought. Questions must be asked, such as which portions of the project will require models or design reviews before release.

Design Practices

Next are the design practices. Here it is imperative that security managers establish design requirements. These include the creation of security and privacy design specifications, a specification review, and the specification of minimal cryptographic design requirements. How these get implemented, and where in the program, is important, so having a handle on the approach beforehand is necessary to making the effort a success.

Implementation Practices

Implementation practices are important. After the development of the software, the development team mandates and enforces best practices to be followed for the duration of the project. This prevents variation and produces consistency in the result. This way, if there is a problem, they will know where it came from. Without a best practices portfolio, failures could come from more than one part of the program, with no ability to zero in on the fault.

Release Practices

Finally, release practices must be available. That means that the team must create the incident response plan, perform the final security review and archive all pertinent data for post-release servicing of the software. In this way they can anticipate issues and not be surprised if customers do complain. It also means having a standby system to correct the faults.

Source: Microsoft Security LifeCycle Fact Sheet
|