DOD Is Very Close To Issuing Guidance That Incorporates Large Portions Of The Microsoft SDL
This morning I had a chance to listen to Scott Charney, VP of Microsoft Trustworthy Computing, at the All Hands meeting. Scott brought up a good point this morning about the need to reach out to the industry.
One of the issues consumers have with Windows is that it's a bad experience out of the box. A new machine comes with Windows Vista loaded, which is built on the Microsoft Secure Development Lifecycle (SDL). However, our hardware vendors load all kinds of stuff on top of Windows Vista, because they make money from other software vendors for including it with Windows Vista. There were some discussions around improving the Windows experience by providing customers with a clean Windows install on each machine, by offering credits or discounts to vendors who don't load anything else on top of Windows. The problem is that this hurts the software ecosystem that exists around Microsoft tools and technologies. A better answer is to get the industry to agree to a standard way for secure software development to ensure the user is safe online and their privacy is guaranteed. Online Consumer Safety comprises Security (secure IT and secure software development) and Privacy (data, online privacy). It's important to note that Security (secure software development) is the foundation for enabling privacy for consumers who purchase and use their applications on Windows Vista and XP.
Recently, there have been some steps taken by Microsoft and other industry leaders to help standardize secure software development. The DOD is very close to issuing guidance that will incorporate large portions of the Microsoft SDL into its mandatory standards for its IT and its vendors. Check out the draft document at the link below.
https://iase.disa.mil/stigs/draft-stigs/application-security-dev-stigv2r0-1-102307.doc
Comments
- Anonymous
June 01, 2008
You can always tell when it's been a particularly busy week at home and at work... the reading list looks