General discussion: SDL for Base OS

  • Tuesday, October 26, 2010 10:00

    We're making a formal Risk Assessment for our "Basic Application Servers" (Standard Application Platform based on Windows Server 2008 R2), which is similar to the SDL Process. In this Assessment we are aiming to secure the Operating System and the system-near software like Backup Applications or System Management Tools.

    A specialized SDL for a whole Platform (OS + Base Apps + Customer App) would be great! Microsoft's Security Compliance Manager does not fill this gap...

    • Moved by Hengzhe Li, Tuesday, June 21, 2011 12:02. Forum Consolidate (From: Microsoft Security Development Lifecycle (SDL) - Threat Modeling)

All replies

  • Tuesday, January 18, 2011 19:08

    Hey there!

    That comment is DEFINITELY out of scope of the SDL TM forum here, but nevertheless an interesting topic for discussion. I don't think you would EVER want a specialized SDL process for a whole platform. The scope would just be far too large to manage. It would be better to model each area individually, and refer to other threat models as external entities as required. There will always be other people working on other areas, and they simply will not have enough depth to be able to understand the data flow to make a good determination of impacts on other areas within their own model.

    Let me turn that around though and ask this... how would YOU see and expect it to work? How can you rely on a customer app and their coding principles and practices to impact the framework apps, and ultimately the OS? They are written by different companies, with different methodologies, and different SDL processes (if they even exist).

    How could you manage such a beast?