The SDL is the process that Microsoft has implemented for the development of software that needs to withstand malicious attack. The process encompasses the addition of a series of security-focused activities and deliverables to each of the phases of Microsoft's software development process. These activities and deliverables include the development of threat models during software design, the use of static analysis code-scanning tools during implementation, and the conduct of code reviews and security testing during a focused "security push". Before software developed under the SDL can be released, it must undergo a Final Security Review by a team independent from its development group. When compared to software that has not been subject to the SDL, software that has undergone the SDL has experienced a significantly reduced rate of external discovery of security vulnerabilities. This paper describes the SDL and discusses experience with its implementation across Microsoft software.
The complete document can be found here
Right now virtualization technologies are the novelty in PC Ecosystem, but not in the mainframe ecosystem since has been part of the majority of mainframe OS since almost 45 years, when was publish a paper titled "Time Sharing in Large Fast Computers" written in 1959 by Christopher Strachey for the International Conference on Information Processing at UNESCO. Last year Microsoft incorporates these technologies under the solutions portfolio to help customers to serves a variety of purposes. It enables hardware consolidation, because multiple operating systems can run on one computer. Key applications for VM technology include cross-platform integration as well as the following:
- Consolidation for development and testing environments. Each VM acts as a separate environment, which reduces risk and enables developers to quickly recreate different operating system configurations or compare versions of applications designed for different operating systems. In addition, a developer can test an early version of an application in a VM without fear of destabilizing the system for other users.
- Legacy application re-hosting. Legacy operating systems and applications can run on new hardware along with more recent operating systems and applications.
- Server consolidation. If several servers run applications that consume only a fraction of the available resources, VM technology can be used to enable them to run side by side on a single server, even if they require different versions of the operating system or middleware.
- Software demonstrations. With VM technology, users can recreate a clean operating system environment or system configuration quickly.
The missing part before MS incorporation in this subject was the support for applications members of the Windows Server System (
More info), at that moment all 3rd party solutions for virtualization was defined as Unsupported, which means that if something is broken the only way to get support is reproducing the environment in real hardware, the reason for that is because the support engineer need to be able to reproduce the problem and with other solutions is hard to do it because the extra code there (virtual hardware), so to support something is required extensive testing before to consider suitable for production environments (
Support policy for 3rd Party). One big step is the fact that Virtual PC/Virtual Server are now is part of the of the compliance criteria for the common engineering for the members of the Windows Server System, with this we'll see the increase of products supporting VM Technology and also the increase of flexibility in the current support policy. In fact last week was released the support policy around Microsoft Virtual Technology about the
Supported and
Unsupported products. Probably some of you will see as a small step, but actually is the beginning of the path that we just started and will continue to evolve as the products get passed thru the common engineering process and the market adopt more these type of technologies (right now the main scenarios we're the people is using the virtual technologies are in the testing/development scenarios, with small things in the consolidations/production environment), for instance the support by the hardware manufacture and other software manufacture adopt as a way to take more advantage of the resources on the new systems and automate things like provisioning, going to models like Forrester's
Fabric Operating System definition.
