S. Somasegar is the corporate vice president of the Developer Division at Microsoft. Learn more about Somasegar.
Earlier today, Bill Gates spoke at the RSA Conference 2005 in San Francisco. Bill spoke about a Gartner report which looked at security problems and reported that 75 percent of all security problems occur at the applications level. He mentioned that 64 percent of the developers we polled rated writing secure code as a key new skill that they wanted to acquire and they wanted tools to really be able to go in and audit what they're doing.
At Microsoft, we have been using several tools to test, analyze, profile and make our code secure. We have standardized on a lot of these tools internally so that every developers working in every product group uses these tools to ensure that we develop and deliver secure code. Many of these internal tools will ship in Visual Studio 2005 as a part of the Visual Studio 2005 Team System. This includes tools like FXCop, PREfast and App Verifier. By integrating these tools into the Visual Studio IDE, we want to enable you to develop and deliver highly secure code.
Team System ties these tools into the lifecycle as well. And we’ve focused significantly on usability, to make these readily accessible to all users. For example, the source control policies will confirm that you have run the security analysis before you check in the code. To go with the tools, Team System also delivers integrated security guidance in the updated Microsoft Solutions Framework. MSF draws on Microsoft’s internal architectural practices, such as threat modeling, and ties to the latest Patterns and Practices available on MSDN.
With Visual Studio 2005, our goal is to deliver a great set of tools with process and engineering guidance that will significantly enhance your productivity and enable you to deliver highly secure and reliable code.