Thursday, June 23, 2011

I began using the SDL, but how do I?

Jeremy Dallman here with another publication of free SDL documentation. Today we are making available a library of templates to help you get started with the SDL practices or activities that are more focused on thinking.

The major question we faced in the beginning at Microsoft, and face still more now that businesses of all sizes are starting to adopt the SDL in their own organizations, is "How can I [insert an SDL practice, activity or process]?" Most often, these questions specifically concern SDL practices that can be addressed with the tools and are more process-oriented or focused on thinking.

As these questions began to come from other companies, we started digging into some of our internal archives for documents we used early on at Microsoft. Since then, most of these documents have been incorporated into web forms or our internal SDL management tables. However, we discovered that they were very useful models for other companies. Now we want to let other SDL organizations take a look and put them to good use as well!

Today, we are publishing a small library of templates for SDL practices that can help you address:

  • Defining security requirements
  • Creating a security bug bar
  • Performing a security risk assessment
  • Performing a basic threat model (when not using the EoP set or the SDL threat modeling tool)
  • Managing SDL exception requests
  • Conducting a Final Security Review

... and a .ZIP that contains all the templates in one package.

These documents are published under the same Creative Commons license as our other SDL documents. Please put them to use in their default form (without modifications), as models to modify and customize for your needs, or simply as a catalyst for brainstorming and creating your own documents. The objective is to help you accelerate the implementation of the SDL practices and gather useful security information about your projects.

We are happy to share these pieces of the Microsoft SDL with the ecosystem and are eager to hear how you have used them in your own SDL projects.
