Welcome to Secure Development at Microsoft, a blog where we share new security tools, services, open source projects and best development practices with you. Our aim is to instill a security mindset across the development community as a whole and to enable collaboration among its members. With this blog, our engineers at Microsoft hope to provide the technical depth you need to start integrating security assurance into your projects right away.
As we make announcements about new security tools, services, and best practices at Microsoft, let’s take a step back and look at what we’ve released in recent years:
- Microsoft Threat Modeling Tool – enables non-security subject matter experts to create and analyze threat models by examining each potential security issue with a proven methodology and suggesting possible mitigations.
- Code Analysis for C/C++ – comes with the installation of Visual Studio Team Services Development Edition to help detect and correct code defects. It reads source code one function at a time and looks for incorrect C/C++ coding patterns that may indicate a programming error.
- BinScope Binary Analyzer – analyzes binaries to ensure they have been built in compliance with the SDL requirements and recommendations. It was designed to detect potential vulnerabilities that can be introduced into binary files.
For a list of older tools and a thorough explanation of the Security Development Lifecycle, check out our official Microsoft SDL Site.
Surfacing security issues earlier in the development lifecycle has been an important focus for us at Microsoft. To that end, we’ve worked hard these past few months to get Roslyn (our open source .NET compiler platform) fully up to speed with security requirements. We added relevant checks to the Desktop.Analyzers package, which, at the time of this blog post, has close to 4,000 downloads.
As we proceed with releasing tools, policies and best practices for our customers, there are two goals for us to keep in mind:
- Help you write secure code by more easily integrating security into your environment
- Invite you to become a contributor to our open source security tools and projects
For the latest security tooling announcements, please subscribe to this blog. We’re excited to see what we can accomplish together!