Microsoft Security Development Lifecycle - Secure software made easier.
Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
Today, we are excited to announce the general availability of a new version of a very popular Security Development Lifecycle tool – Microsoft Threat Modeling Tool 2014. It’s available as a free download from Microsoft Download Center here.
Threat modeling is an invaluable part of the Security Development Lifecycle (SDL) process. We have discussed in the past how applying a structured approach to threat scenarios during the design phase of development helps teams more effectively and less expensively identify security vulnerabilities, determine risks from those threats, and establish appropriate mitigations.
For those who would like more of an introduction to threat modeling, please visit Threat Modeling: Uncover Security Design Flaws Using the STRIDE Approach. But, without further ado, let’s dig into the fun stuff – the new features of Threat Modeling Tool 2014. Read more
Today, we are excited to announce the general availability of a new version SDL process templates:
This version of the SDL Process Templates is specific to the Microsoft Security Development Lifecycle version 5.2.
The SDL Process Templates automatically integrate policy, process and tools associated with the Microsoft Security Development Lifecycle (SDL) in Visual Studio 2013 and Visual Studio Team Foundation Server (TFS). With the process templates code checked into the Visual Studio TFS source repository by the developer is analyzed to ensure that it complies with SDL secure development practices. The templates also create security workflow tracking items for manual SDL processes such as threat modeling to ensure that these important security activities are not accidentally skipped or forgotten. Read more