MSF-A+SDL is a TFS process template that incorporates the Security Development Lifecycle (SDL) for Agile process guidance into the MSF Agile development framework. With the MSF-A+SDL template, any code checked into the Visual Studio Team System source repository by the developer is analyzed to ensure that it complies with SDL secure development practices. The template also automatically creates security workflow tracking items for manual SDL processes such as threat modeling to ensure that these important security activities are not accidentally skipped or forgotten.
Microsoft makes its basic SDL training content available to the public. This content consists of 4 training presentations.
- Introduction to the Microsoft Security Development Lifecycle (SDL)
- Introduction to Microsoft Threat Modeling
- Basics of Secure Design, Development, and Test
- Privacy for Software Development
Microsoft will be making a TFS 2010 version of the MSF-A+SDL template available shortly after TFS 2010 releases according to this post by Brian Harry.