New Visual Studio 2010 template released

Stephen Withers
Wednesday, 26 May 2010 09:29

Business IT - Security

Microsoft today released a new version of its MSF Agile + SDL Process (MSF-A+SDL) template that is compatible with Visual Studio 2010.

The MSF-A+SDL template was originally released in February as a beta for Visual Studio 2008. It is designed to help developers  apply the Security Development Lifecycle guidance to the Microsoft Solutions Framework for Agile development framework. A version for Visual Studio 2010 was released today.

 

The template checks that code complies with SDL practices before allowing it to be checked into a Visual Studio Team System repository, and creates appropriate security workflow tracking items for manual processes such as treat modelling.

For example, the template generates different workflow items depending on whether the developer checks in C++ or .NET code. And when a developer creates a new sprint, new work items are created.

It also helps integration with other tools including Microsoft's SDL Threat Modeling Tool, the Binscope binary analyser and the MiniFuzz file fuzzer, simplifying the task of recording which tools are uncovering the most bugs.

Another feature of the template is the provision of a 'scope' field that makes it easier for the developer to describe the importance of the issue. It is used in conjunction with the 'bug bar rating' to help determine which issues must be fixed before release, explained Bryan Sullivan, senior security program manager at Microsoft.

Microsoft offers a separate template for organisations using CMMI rather than Agile.

Stephen Withers travelled to Seattle as a guest of Microsoft.