Software Engineering, Project Management, and Effectiveness
The Security Innovation Security Engineering study, Comparing Security in the Application Lifecycle - Microsoft and IBM Development Platforms Compared, is timely, given the emerging industry emphasis on integrating security in the life cycle.
My favorite quote in the study is "The patterns & practices security guidance covers the key security engineering activities better than any other resource we’ve found." I think this reflects the fact we have more than 2,500 pages of security guidance (see Security Guidance, Security Engineering, Threat Modeling, and Improving Web Application Security) , and we've integrated our guidance into MSF/VS 2005 (see MSF/VS 2005 and p&p Integration.)
The study was available from the MSDN Security DevCenter for a while but seems to have fallen off. I've summarized the study here for quick reference:
OverviewSecurity Innovation evaluated the guidance and tools of Microsoft's and IBM's development platforms. The study compared the support available to a development team via security guidance, documentation and security focused features in the life-cycle tool suites. Gartner reviewed the approach.
Results of the Study
First, here's a couple key points, then the summaries are below:
Quotes from the Study
More InformationFor more information, see Comparing Security in the Application Lifecycle - Microsoft and IBM Development Platforms Compared at Security Innovation's site. They created four documents that take you through the details and results: Executive Summary, Research Overview, Full Detailed Reports and Results, and Methodology.
Book building is art and science. I've built a few books over the years at patterns & practices.
Book building is art and science. I've built a few books over the years at patterns & practices