Announcing the MSF-Agile+SDL Process Template for TFS 2010

Hi everyone, Bryan here. Judging from the quantity of email I’ve been getting since Visual Studio 2010 shipped last month asking when we’ll have an SDL process template available for it, there are a lot of you out there who have already upgraded to VS 2010 and are looking to integrate SDL processes into your development environment. So, I am extremely happy to announce that the MSF-Agile+SDL Process Template for TFS 2010 is now available for download.

If you’re already using either the MSF-Agile+SDL template for TFS 2008 or the MSF for Agile Software Development template that ships in the box with TFS, you’ll find it extremely easy to pick up the new MSF-Agile+SDL template for TFS 2010. The new 2010 template retains all of the features of the 2008 template, including:

  • An SDL Task work item type that represents SDL requirements and recommendations
  • Automatic generation of new SDL Tasks whenever new iterations are added to the project or new code is checked into the source control repository
  • A modified Bug work item type that includes reportable fields for security cause and effect
  • Check-in policies that inspect for SDL security policy violations when users try to check in code changes
  • An integrated process exception workflow, to help ensure that product stakeholders are aware of potential security risks
  • Integration with the existing set of SDL tools including the SDL Threat Modeling Tool, BinScope and Minifuzz

In addition, the 2010 template also includes some new features:

  • A Security dashboard that gives users an at-a-glance summary of the current security development state of their projects
  • A Bugs-By-Origin chart to analyze effectiveness and ROI of your organization’s security tools
  • An integrated security bugbar (like the one described in the March MSDN Magazine Security Brief) to help non-security expert users correctly triage security bugs

The MSF-Agile+SDL process template is freely downloadable, so if you’re running TFS 2010, give it a try and be sure to let us know what you think about it.


About the Author
Bryan Sullivan

Principal Security Program Manager, Trustworthy Computing

Bryan Sullivan is a Principal Security Program Manager in the Microsoft Secure Development team, where he focuses on cryptography and cloud security. Bryan has spoken at security industry conferences such as RSA Conference, Black Hat, BlueHat, OWASP AppSec and TechEd Read more »

Join the conversation

  1. Anonymous

    Thanks for the post Bryan.  I tried installing on our TFS server but get a message about the installation ending prematurely because of an error.  I can't find any specific error information in the event logs.  Where can I find the error data?

  2. Anonymous

    I have the same error as agilecode. Any hints.

  3. sdl

    Thank you for using the SDL Agile Process Template and providing feedback. It sounds like you have met the first requirement of installing directly on the TFS 2010 server machine. There is a known issue with the Additional Sharepoint Components of the template. We have published a workaround here in the “Announcements” section of the MSDN SDL Tools forum here:…/threads

    Please let us know if this workaround resolves your issue.


    The SDL Team

Comments are closed.