A colleague asked a question on this topic last week at a Microsoft briefing: how, as security advocates in our own organizations, can we institute better security training as well as influence developers and other members of the IT organization on the importance of implementing security best-practices?

Answer: SDL content from Microsoft is a good start. They’ve invested big money in this since the XP SP2 days, and have shown good industry leadership. Check out these two resources in particular:

• Microsoft Security Development Lifecycle Core Training classes
• Agile + SDL process template for Team Foundation Server (and, by the way, using TFS, or a similarly robust software lifecycle tool that offers integrated source control and defect tracking, is security a best-practice in itself)

Also check out other stuff on the SDL landing page.

No Comments »