A new Security Development Lifecycle (SDL) template supports rapid applications development. It works with Visual Studio Team System 2008/Team Foundation Server and integrates SDL with the Microsoft Solutions Framework (MSF) and Agile development practices. You download the template from MSF-Agile plus Security Development Lifecycle Process Template for VSTS 2008.
The template automatically creates workflow items to meet SDL security requirements each time code is checked in to the server. There is also an analyzer feature to ensure code meets SDL guidelines.
MSF-A+SDL is a TFS process template that incorporates the Security Development Lifecycle (SDL) for Agile process guidance into the MSF Agile development framework. With the MSF-A+SDL template, any code checked into the Visual Studio Team System source repository by the developer is analyzed to ensure that it complies with SDL secure development practices. The template also automatically creates security workflow tracking items for manual SDL processes such as threat modeling to ensure that these important security activities are not accidentally skipped or forgotten.
For more information, see Security Development Lifecycle (SDL).
Bruce D. Kyle
ISV Architect Evangelist | Microsoft Corporation