Microsoft Security Development Lifecycle (SDL)

Announcements

• Link

  Workaround for MSF-Agile+SDL v5.0 install error

  SDL Team Friday, June 24, 2011 7:05 PM

  Announcement originially posted Tuesday, August 03, 2010 9:59 PM

  Hi everyone,

  We've talked with some people experiencing problems when trying to install the MSF-Agile+SDL v5.0 process template. We believe these problems are a result of an incompatibility with certain configurations of Sharepoint, and we are working to correct the issue for the next release of the MSF-Agile+SDL template. In the meantime, you should be able to work around the problem by following these instructions to disable the Sharepoint features of the template:

  1. Uninstall the template if you've already installed it.
  2. Reinstall the template files, and uncheck the Additional Sharepoint Components feature during the installation process.
  3. Using your XML editor of choice, open the file <template install dir>\Process Template\Windows SharePoint Services\wsstasks.xml.
  4. Near the bottom of the file, you will see the lines:

  <!--TfsDashboardSDLAgile -->

  <feature featureId="3F6F501A-5DFF-4359-8ED8-232784DFF47E" />

  5. Comment out the second line, ie:

  <!--TfsDashboardSDLAgile -->

  <!-- <feature featureId="3F6F501A-5DFF-4359-8ED8-232784DFF47E" /> -->

  6. Save the file and close

  7. Open the Process Template Manager in Visual Studio

  8. Delete the existing "MSF for Agile Software Development plus Security Development Lifecycle (SDL) v5.0" process template.

  9. Upload the process template again, browse for <template install dir>\Process Template\process template.xml.

  10. Close the Process Template Manager.

  You should now be able to create MSF-A+SDL projects. If you're experiencing the install bug, please let us know if this helps workaround the problem (or if it doesn't).

  Thanks,

  Bryan

• Link

  Announcing the templates for SDL Practices

  SDL Team Friday, April 29, 2011 5:46 PM

  Download the templates for SDL practices, a library of templates to help you get started with the more thought-based SDL practices or activities: Defining Security Requirements, Creating a Security Bug Bar, Performing a Security Risk Assessment, Conducting a basic threat model, Managing SDL Exception Requests, Performing a Final Security Review.

• Link

  Tools updates: SDL Threat Modeling Tool, MiniFuzz File Fuzzer, SDL Regex Fuzzer

  SDL Team Friday, September 16, 2011 10:37 PM

  The SDL team has recently announced updated versions of three SDL tools:

  SDL Threat Modeling Tool v3.1.8

  MiniFuzz File Fuzzer v1.5.5

  SDL Regex Fuzzer v1.1.0

  Check them out and feel free to provide comments and feedback.

• Link

  Announcing SDL Process Guidance Version 5.2

  SDL Team Wednesday, May 23, 2012 9:10 PM

  The annual update to the Microsoft Security Development Lifecycle Process Guidance has been released. Version 5.2 is now available for download (.docx format) as well as online in the MSDN Library.

• Link

  Follow @MSFTsdl on Twitter

  SDL Team Friday, June 24, 2011 7:12 PM
  Follow @MSFTsdl on Twitter to stay informed about the latest news, events and releases of the Microsoft Security Development Lifecycle.