21. May 2009 22:20
I've heard of the Microsoft SDL before, but honestly haven't looked deeper into it. It seems they've just released a template for Visual Studio that implements a security framework into the development process. This is a big step in the right direction for Microsoft. Known for lax security in their applications (and Windows-built applications), they should have been pushing security from within their design software (Visual Studio) years ago instead of general practices for developers.
I will most certainly be taking a look into its implementation and just how much it improves on the SDLC process in terms of implementing security principles. One interesting point to note is that the framework removes the use of strcpy(), strncat(), gets(), CopyMemory() and RtlCopyMemory(), the targets of buffer overflow attacks.
The Microsoft Security Development Lifecycle (SDL)
Picked up the news here: Darkreading
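As an added illustration of the banned-function point above (not code from this post or from Microsoft's template), here is a small source check that flags calls to the five functions the post names. The function name `find_banned_calls` and the sample C snippet are constructed for this example.

```python
import re

# Functions the post names as removed by the SDL template.
BANNED = ("strcpy", "strncat", "gets", "CopyMemory", "RtlCopyMemory")

# Comments and string/char literals, so mentions inside them are not flagged.
_SKIP = re.compile(
    r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'',
    re.DOTALL,
)
# A banned name used as a call: a whole identifier followed by "(".
_CALL = re.compile(r'(?<![A-Za-z0-9_])(' + "|".join(BANNED) + r')\s*\(')


def _blank(match):
    # Replace skipped text with spaces but keep newlines so line numbers hold.
    return re.sub(r'[^\n]', ' ', match.group(0))


def find_banned_calls(source):
    """Return (line_number, function_name) for each banned call in C source."""
    code = _SKIP.sub(_blank, source)
    hits = []
    for m in _CALL.finditer(code):
        line = code.count("\n", 0, m.start()) + 1
        hits.append((line, m.group(1)))
    return hits


# Constructed sample input, not taken from any real project.
SAMPLE = r'''
#include <string.h>
/* legacy: strcpy(dst, src) was used here */
void f(char *dst, const char *src, char *line) {
    strcpy(dst, src);
    my_strcpy(dst, src);          // wrapper, not flagged; gets( in a comment
    puts("call gets() carefully");
    fgets(line, 64, stdin);
    RtlCopyMemory (dst, src, 8);
}
'''

if __name__ == "__main__":
    for line, name in find_banned_calls(SAMPLE):
        print(f"line {line}: {name}() is on the banned list")
```

This is a text-level check: it does not expand preprocessor macros, so a banned call hidden behind a `#define` would need a compiler-level check to catch.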