Microsoft has published guidelines for developing secure software rapidly.
The guidelines are aimed at helping corporate software developers and independent software vendors to speed up coding processes without compromising on security.
Microsoft introduced the SDL officially in 2004 to standardise secure software development practices across all product lines.
Internal demand for faster turnaround times on some development work led to the adaptation of the SDL for iterative programming.
The tried and tested SDL for agile development is now available as a free download from Microsoft.
"We want to make the SDL available to as many developers as possible," said Steve Lipner, senior director of security engineering strategy at Microsoft.
The aim is to improve security for all users of the internet and software applications by helping all developers to create code that is inherently secure, he said.
An increasing number of organisations are turning to faster development cycles as a way of maintaining a competitive edge and keeping up with business needs.
Some 85% of technology industry professionals have recently adopted, are midway through or have a mature implementation of agile development methods, according to independent research, said Lipner.
Instead of the phased approach to SDL, the new guidelines show how to apply the principles to much shorter "sprints" of development aimed at faster delivery.
Some principles are applied to every sprint, while others are applied only once during a development project or in six-monthly cycles, said Lipner.
Threat modelling, for example, is mandated for every sprint. But setting up a bug-tracking system will happen only once in a project, and something like fuzzing, or the testing of how malformed input is handled, is done only every six months, he said.
"In this way all the principles of the SDL are applied, but not in a way that is counter to the development methodology," said Lipner.