Hi everyone, Bryan here. Judging from the quantity of email I’ve been getting since Visual Studio 2010 shipped last month asking when we’ll have an SDL process template available for it, there are a lot of you out there who have already upgraded to VS 2010 and are looking to integrate SDL processes into your development environment. So, I am extremely happy to announce that the MSF-Agile+SDL Process Template for TFS 2010 is now available for download.
If you’re already using either the MSF-Agile+SDL template for TFS 2008 or the MSF for Agile Software Development template that ships in the box with TFS, you’ll find it extremely easy to pick up the new MSF-Agile+SDL template for TFS 2010. The new 2010 template retains all of the features of the 2008 template, including:
- An SDL Task work item type that represents SDL requirements and recommendations
- Automatic generation of new SDL Tasks whenever new iterations are added to the project or new code is checked into the source control repository
- A modified Bug work item type that includes reportable fields for security cause and effect
- Check-in policies that inspect for SDL security policy violations when users try to check in code changes
- An integrated process exception workflow, to help ensure that product stakeholders are aware of potential security risks
- Integration with the existing set of SDL tools including the SDL Threat Modeling Tool, BinScope and Minifuzz
In addition, the 2010 template also includes some new features:
- A Security dashboard that gives users an at-a-glance summary of the current security development state of their projects
- A Bugs-By-Origin chart to analyze effectiveness and ROI of your organization’s security tools
- An integrated security bugbar (like the one described in the March MSDN Magazine Security Brief) to help non-security expert users correctly triage security bugs
The MSF-Agile+SDL process template is freely downloadable, so if you’re running TFS 2010, give it a try and be sure to let us know what you think about it.