Microsoft Security Development Lifecycle (SDL)
A forum for discussing the Microsoft SDL Process and guidance.
Announcements
- Link
Workaround for MSF-Agile+SDL v5.0 install error
SDL Team Friday, June 24, 2011 7:05 PMAnnouncement originially posted Tuesday, August 03, 2010 9:59 PM
Hi everyone,
We've talked with some people experiencing problems when trying to install the MSF-Agile+SDL v5.0 process template. We believe these problems are a result of an incompatibility with certain configurations of Sharepoint, and we are working to correct the issue for the next release of the MSF-Agile+SDL template. In the meantime, you should be able to work around the problem by following these instructions to disable the Sharepoint features of the template:
- Uninstall the template if you've already installed it.
- Reinstall the template files, and uncheck the Additional Sharepoint Components feature during the installation process.
- Using your XML editor of choice, open the file <template install dir>\Process Template\Windows SharePoint Services\wsstasks.xml.
- Near the bottom of the file, you will see the lines:
<!--TfsDashboardSDLAgile -->
<feature featureId="3F6F501A-5DFF-4359-8ED8-232784DFF47E" />
5. Comment out the second line, ie:
<!--TfsDashboardSDLAgile -->
<!-- <feature featureId="3F6F501A-5DFF-4359-8ED8-232784DFF47E" /> -->
6. Save the file and close
7. Open the Process Template Manager in Visual Studio
8. Delete the existing "MSF for Agile Software Development plus Security Development Lifecycle (SDL) v5.0" process template.
9. Upload the process template again, browse for <template install dir>\Process Template\process template.xml.
10. Close the Process Template Manager.
You should now be able to create MSF-A+SDL projects. If you're experiencing the install bug, please let us know if this helps workaround the problem (or if it doesn't).
Thanks,
Bryan
- Link
Announcing the templates for SDL Practices
SDL Team Friday, April 29, 2011 5:46 PMDownload the templates for SDL practices, a library of templates to help you get started with the more thought-based SDL practices or activities: Defining Security Requirements, Creating a Security Bug Bar, Performing a Security Risk Assessment, Conducting a basic threat model, Managing SDL Exception Requests, Performing a Final Security Review.
- Link
Tools updates: SDL Threat Modeling Tool, MiniFuzz File Fuzzer, SDL Regex Fuzzer
SDL Team Friday, September 16, 2011 10:37 PMThe SDL team has recently announced updated versions of three SDL tools:
SDL Threat Modeling Tool v3.1.8
Check them out and feel free to provide comments and feedback.
- Link
Announcing SDL Process Guidance Version 5.2
SDL Team Wednesday, May 23, 2012 9:10 PM - Link
Follow @MSFTsdl on Twitter
SDL Team Friday, June 24, 2011 7:12 PMFollow @MSFTsdl on Twitter to stay informed about the latest news, events and releases of the Microsoft Security Development Lifecycle.
Filtering and SortingUse these options to narrow down the question and discussion list.
- 019
I have a question on identity impersonation
Mohideen Sandhu MuzafarGani 19 hours 54 minutes ago - 027
Do you know that System.IO.Port.SerialPort has some bug?
SaintBread Thursday, May 23, 2013 11:43 PM - 048
Blue Screen of Death Appears After Running Microsoft Windows Malware Removal Tool
Dryson Friday, May 17, 2013 7:46 PM - 048
SDL templates for TFS online
Ivan Ferić Tuesday, May 14, 2013 9:07 PM - 054
How to hide my source code from IL dessembler or .NET Reflecter, Even if C# CLR.
SaintBread Tuesday, May 14, 2013 9:27 AM - 058
Update to MSF-Agile+SDL Process Template for TFS 2012
msfreed Monday, May 13, 2013 10:48 PM - 059
Crash on loading SDL Tool
Phillip Hamlyn (Capita) Saturday, May 11, 2013 8:49 AM - 1393
Additional code generation
yeonwoonj Thursday, March 28, 2013 7:34 PM - 0182
Can't get back my account
Pluc18 Sunday, April 21, 2013 6:29 PM - 1341
BinScope GSFunctionOptimizeCheck fails for MFC functions
Vladimir.Belov.Spb Sunday, April 14, 2013 7:37 PM - 0244
Surface Attack Analyzer - No Security Issues
Tim Kuno Thursday, April 11, 2013 2:41 PM - 0296
SDL Threat Modelling Tool Error
ts6 Wednesday, April 10, 2013 10:07 AM - 1367
Microsoft Threat Modeling Tool and Visio problem
Niluomid Tuesday, March 26, 2013 3:12 PM - 0372
Integrate binscope into visual studio 2012
liorb Thursday, March 21, 2013 10:19 AM - 2442
Microsoft Visual Studio 2012 SAST Magic Quadrant
FT3S Thursday, March 14, 2013 1:23 PM - 1728
Microsoft Threat Modeling Tool + Threat Mitigation Completion Bar
Adam.M.Schroeder Tuesday, February 12, 2013 7:44 PM - 1713
Microsoft Threat Modeling Tool (Deep Copy)
Adam.M.Schroeder Tuesday, February 12, 2013 12:11 AM - 41281
Threat Model Tool compatible with Visio 2013
David Rubert Thursday, January 10, 2013 6:26 PM - 42748
Microsoft Attack Surface Analyzer V1 (just released a day or three ago) Download is deemed unsafe by IE9 - Certificate invalid - can't import fix.
Kosh VorlonMVPSaturday, August 04, 2012 9:17 AM - 83710
Threat Model Tool Bug Submission to TFS
Muckie Thursday, October 20, 2011 7:07 PM
