Microsoft SDL version 5

April Update

SDL's Jeremy Dallman announced Microsoft Security Development Lifecycle process guidance – Version 5 (SDLv5) at the start of the month:

http://www.microsoft.com/downloads/details.aspx?FamilyID=7d8e6144-8276-4a62-a4c8-7af77c06b7ac

Overview

The Microsoft Security Development Lifecycle (SDL) process guidance illustrates the way Microsoft applies the SDL to its products and technologies. It includes security and privacy requirements and recommendations for secure software development at Microsoft.

SDL 5 addresses SDL guidance for Waterfall and Spiral development, Agile development, web applications and Line of Business applications. IT policy makers and software development organizations can leverage this content to enhance and inform their own software security and privacy assurance programs.

What's New in Version 5

1. SDL for Agile included: The largest change in SDLv5 is the inclusion of SDL for Agile Development as an Addendum at the end. The SDL-Agile guidance that was published in November 2009 is included in the parent SDL document to make it a one-stop resource.
2. New and updated security requirements and recommendations - refer to Jeremy's article for details.

This is a welcome consolidation of pre-existing resources, advice, guidelines, best practices and tools. The SDL integration of Agile methodologies is particularly well executed (previously, previously).

System Requirements

• Supported Operating Systems: Windows 7; Windows Server 2003; Windows Server 2008; Windows Vista; Windows XP.