Integrate Security Development Lifecycle Using Updated Process Template, Documentation

Security Development Lifecycle (SDL) Process Template and documentation version 4.1 is now available for download.

The SDL Process Template is a downloadable template that leverages the technology of Visual Studio Team System (VSTS) and Team Foundation Server (TFS) to automatically integrate the policy, process and tools associated with the Security Development Lifecycle v4.1 into your software development environment.

The Process Template includes various tools and components, including security-aware check-in policies, guidance for customizing an SDL security plan for the product under development, risk-assessment and threat-modeling help, and the like. It can install SDL requirements as work items, and it integrates with many third-party tools. The documentation, which anyone can download, gives any developer who wants it a detailed look at how Microsoft is framing its development lifecycle to maximize security input in the process.

SDL specifies 13 significant stages over the six phases of the development lifecycle, from cost, risk, and attack-surface analyses early on to fuzz testing, repeated privacy reviews, and even response planning as the product nears market.

The SDL Process Template for VSTS makes writing secure code a lot easier by:

  • Easing the adoption of the SDL
  • Providing auditable security requirements and status
  • Demonstrating security return on investment

For more information and to download the templates, see The Microsoft SDL Process Template for Visual Studio Team System. For more information about the SDL, see Security Development Lifecycle (SDL).

For next steps, see:

How to set up the SDL Process Template

How to improve your check-in process

How to change default work items

How to use the SDL Process Template documentation and reporting