Hi all, Anmol Malhotra here… I’m a Senior Security Engineer with Microsoft’s ACE (Assessment, Consulting & Engineering) Team. We are part of the Microsoft Information Security group, and our mission is to enable secure and reliable business for Microsoft and its customers. The ACE Team is responsible for security, privacy and performance for line-of-business (LOB) applications at Microsoft. Since 2001, we have been working on identifying and reducing the risk posed by applications in our enterprise. This experience has resulted in the development of processes, tools and best practices to help develop and maintain secure applications for an enterprise. We developed the Security Development Lifecycle for Line-of-Business Applications (SDL-LOB) process, which defines the standards and best practices for securing LOB applications.
As part of our continued commitment to sharing security processes and recommendations with our customers, we are excited to announce the addition of detailed security requirements and recommendations for LOB applications with the release of Microsoft SDL version 4.1 on MSDN. SDL-LOB provides a mainstream approach to the SDL that focuses on the development of applications which support the business, such as accounting, human resources (HR), payroll, supply chain management and resource planning applications.
A couple of things around this guidance –
a) This guidance is positioned exclusively for line-of-business applications or web applications, and not for ISV/rich client and server application development.
b) It is important to emphasize that organizations should adapt rather than adopt the SDL-LOB process.
So here it is, the Security Development Lifecycle for Line-of-Business Applications. Also look out for the SDL-LOB blog series on the ACE Team blog starting in June, where we’ll discuss the SDL-LOB phases and highlights.
Your comments & suggestions are very welcome.