SDL Process Templates for Visual Studio Team Foundation Server 2013

Today, we are excited to announce the general availability of a new version of the SDL Process Templates.

This version of the SDL Process Templates is specific to the Microsoft Security Development Lifecycle version 5.2.

The SDL Process Templates automatically integrate policy, process and tools associated with the Microsoft Security Development Lifecycle (SDL) in Visual Studio 2013 and Visual Studio Team Foundation Server (TFS). With the process templates, code checked into the Visual Studio TFS source repository by the developer is analyzed to ensure that it complies with SDL secure development practices. The templates also create security workflow tracking items for manual SDL processes such as threat modeling to ensure that these important security activities are not accidentally skipped or forgotten.

The SDL Process Templates include: 

  • SDL-based customized check-in policies
  • Security work items
  • Security dashboard
  • Integration with SDL process guidance
  • Customized security queries

Figure 1 Visual Studio 2013 Team Foundation Server Security Dashboard


Eases the adoption of the SDL
The SDL Process Templates automate the creation of SDL requirements and enable development teams to begin adopting the SDL process without having to be fully trained on the SDL. They integrate the SDL into everyday tasks by leveraging the existing development environment (Visual Studio) and the project-wide framework (TFS) in a way that is familiar to program managers and testers, as well as developers.

Provides auditable security requirements and status
The SDL Process Templates include the Security Dashboard, which provides an up-to-the-minute overview of security issues and status for all security requirements associated with a project. This report allows management to document and verify that SDL requirements were met prior to a product’s release.

Demonstrates security return on investment
The SDL Process Templates allow for the integration of third-party tools that work with TFS. Through reporting, the template provides data that allows you to assess the effectiveness of your security tools. In addition, the template enables you to experience the benefits of the SDL by discovering security issues early in your development lifecycle, reducing the total cost of development.


About the Author
SDL Team

Trustworthy Computing, Microsoft