Microsoft Security Development Lifecycle (SDL)
A forum for discussing the Microsoft SDL Process and guidance.
Announcements
- Link
Workaround for MSF-Agile+SDL v5.0 install error
SDL Team Friday, June 24, 2011 7:05 PMAnnouncement originially posted Tuesday, August 03, 2010 9:59 PM
Hi everyone,
We've talked with some people experiencing problems when trying to install the MSF-Agile+SDL v5.0 process template. We believe these problems are a result of an incompatibility with certain configurations of Sharepoint, and we are working to correct the issue for the next release of the MSF-Agile+SDL template. In the meantime, you should be able to work around the problem by following these instructions to disable the Sharepoint features of the template:
- Uninstall the template if you've already installed it.
- Reinstall the template files, and uncheck the Additional Sharepoint Components feature during the installation process.
- Using your XML editor of choice, open the file <template install dir>\Process Template\Windows SharePoint Services\wsstasks.xml.
- Near the bottom of the file, you will see the lines:
<!--TfsDashboardSDLAgile -->
<feature featureId="3F6F501A-5DFF-4359-8ED8-232784DFF47E" />
5. Comment out the second line, ie:
<!--TfsDashboardSDLAgile -->
<!-- <feature featureId="3F6F501A-5DFF-4359-8ED8-232784DFF47E" /> -->
6. Save the file and close
7. Open the Process Template Manager in Visual Studio
8. Delete the existing "MSF for Agile Software Development plus Security Development Lifecycle (SDL) v5.0" process template.
9. Upload the process template again, browse for <template install dir>\Process Template\process template.xml.
10. Close the Process Template Manager.
You should now be able to create MSF-A+SDL projects. If you're experiencing the install bug, please let us know if this helps workaround the problem (or if it doesn't).
Thanks,
Bryan
- Link
Announcing the templates for SDL Practices
SDL Team Friday, April 29, 2011 5:46 PMDownload the templates for SDL practices, a library of templates to help you get started with the more thought-based SDL practices or activities: Defining Security Requirements, Creating a Security Bug Bar, Performing a Security Risk Assessment, Conducting a basic threat model, Managing SDL Exception Requests, Performing a Final Security Review.
- Link
Tools updates: SDL Threat Modeling Tool, MiniFuzz File Fuzzer, SDL Regex Fuzzer
SDL Team Friday, September 16, 2011 10:37 PMThe SDL team has recently announced updated versions of three SDL tools:
SDL Threat Modeling Tool v3.1.8
Check them out and feel free to provide comments and feedback.
- Link
Announcing SDL Process Guidance Version 5.2
SDL Team Wednesday, May 23, 2012 9:10 PM - Link
Follow @MSFTsdl on Twitter
SDL Team Friday, June 24, 2011 7:12 PMFollow @MSFTsdl on Twitter to stay informed about the latest news, events and releases of the Microsoft Security Development Lifecycle.
Filtering and SortingUse these options to narrow down the question and discussion list.
- 1515349
Submitting bugs for SDL Threat Modeling Tool
Matthew Theobald Tuesday, January 19, 2010 1:57 PM - 1513659
Tool Crashes when you choose to "Include in next layer". What's the fix?
Allen Hall Monday, January 11, 2010 4:14 AM - 88538
sample .tms
b33p3r Wednesday, March 11, 2009 8:36 PM - 83708
Threat Model Tool Bug Submission to TFS
Muckie Thursday, October 20, 2011 7:07 PM - 89055
Differences between Threat Model Tool v.2.1 and v.3 beta and related approaches
Marco Vallini Wednesday, March 25, 2009 9:02 AM - 73911
SDL Threat Model Has Issues Starting up
rtafoya Wednesday, November 09, 2011 5:52 PM - 76963
error launching v3 Beta
M D A Friday, February 06, 2009 11:37 AM - 62415
ClaimsAuthenticationManager
MSDev23 Saturday, April 14, 2012 3:13 PM - 69740
logging into the TFS server to submit bugs from within SDL tool
JJQuinn Thursday, April 02, 2009 1:00 PM - 62710
SDL Threat Modelling Tool installation issues
cboers Tuesday, April 24, 2012 11:42 AM - 66486
Connecting a Windows Forms application to hosted database
ForEverLearning Wednesday, June 29, 2011 11:16 AM - 57774
Microsoft Bulletins List
Voronin_Pavel Monday, December 27, 2010 5:22 PM - 52681
Real time Vulnerability Scanning using Cat.Net and Roslyn (outside VisualStudio)
Dinis Cruz Thursday, June 07, 2012 10:51 PM - 52045
Attack Surface Analyzer test fails because of system principals
Alex_yuner Tuesday, October 02, 2012 8:08 AM - 510627
Visio 2010 not detected
jkuemerle Friday, February 25, 2011 4:36 PM - 53367
Modifying .xml template for Work Items in TFS for SDL
Mrzev Monday, October 31, 2011 10:07 PM - 510212
SDL Copyrights
david meltzer Wednesday, March 31, 2010 6:41 PM - 510997
Microsoft SDL Pro Network Member
leeniks Wednesday, June 30, 2010 12:36 PM - 41372
Threat Modeling Tool- Real Life Examples
Wilke Jansoone Friday, December 14, 2012 10:45 AM - 47762
Security API Function CertCreateSelfSignedCertificate Cannot be Used to Create A Valid SSL Certificate (per the likes of SelfSSL)
CVanHyn Tuesday, May 26, 2009 5:53 PM
