Microsoft offers Agile security lessons

The company seeks to pass the security lessons it has learned to other developers

Microsoft will release on Tuesday guidelines for developers building online applications and for those utilizing the Agile code-development process.

The Agile guidelines apply principles from Microsoft's Security Development Lifecycle (SDL) to Agile, an umbrella term for a development model frequently used for Web-based applications released under short deadlines, called "sprints."

Microsoft adopted the SDL following the company's pledge in 2002 to build more secure code after several high-profile worms and other malicious software posed dangerous risks to its customers.

But the original SDL doesn't fit the Agile process. Agile differs in that developers have a set time in which to develop certain features, after which the application is immediately released in order to get customer feedback, said Bryan Sullivan, security program manager for Microsoft.

The SDL was originally designed for products, such as the Windows OS, that are non-iterative, meaning that there aren't frequent releases of the product that add just a feature or two. All of the SDL requirements have nonetheless been adopted for the Agile process, though they are implemented differently, Sullivan said. Agile is used by 85 percent of technology industry professionals, according to Forrester.


Microsoft breaks the SDL requirements down into three categories: one-time-only tasks, tasks that need to be done for every sprint, and "bucket" tasks, which need to be repeated periodically, such as every six months, but not for every sprint, Sullivan said. The Agile guidelines will be available on Tuesday on www.microsoft.com.

Microsoft is also releasing a white paper on security for online Web applications. As those applications are increasingly interacting and exchanging information, security is paramount, said Steve Lipner, senior director of security engineering at Microsoft's Trustworthy Computing Group.

The white paper outlines key security issues that developers should consider for Web applications, Lipner said. It also discusses security issues that developers should think about when choosing a hosting provider, such as data and physical security.


