12:30 Sdl now for the clouds and fast development | |
For a growing number of business customers opting for vychislitelnoy client environment, a cloud, or both, safety manual must be dynamic. Because security and privacy are key probleamami, vlyuyayuschimi to choose computing environment, manufacturers are able to convince the customer that the web applications running in the cloud can funktsiorinovat to safely and securely. Microsoft has taken steps to make available the best achievements in the field of security a wide range of developers. These include management, optimization model SDL, and the Threat Modeling Tool. All of the above, plus the subsequent releases of SDL, tools, guidelines and technologies will allow software developers and partners-manufacturers provide the required level of security in their applications and their users a more secure computing environment. Recently at a conference in Berlin, Germany, Microsoft announced two new documents SDL Review of safety issues for the client and Cloud (EN). Download the report commands SDL, which discusses issues relating to client and Cloud, as well as the steps taken by Microsoft for the development of SDL in solving security issues. SDL 4.1a, expanded version, including the process of rapid development (EN). Download the latest guide to SDL, which includes the head of SDL for rapid development, a clear approach, combining fast methods, and safety. Complete and, moreover, flexible guide SDL for rapid development includes all the requirements of SDL, providing additional guidance on how to use them for very short realizes a cycle. Let us dwell briefly on each of them. Review of safety issues for the client and Cloud While the producers of computer technology to discuss how cloud computing environment, clients are concerned about how you will be provided with safety information. As a result of a September 2009 online survey of IT Pro's about 51% of respondents put the safety and security of information as the main obstacles to making a decision about using the cloud. For consideration of safety issues for the client and Cloud (EN) Microsoft is considering security from the perspective of an organization that can rassmatirovat placing their applications in the cloud. If you intend to store your application in the cloud, at a high level, you have asked questions concerning the two main security issues: · Requirements and compliance with security. If you have any requirements that should make the provider to provide the required level of security for your software for storage in the cloud? What did he do to ensure these requirements? · Features and security services. Different providers may offer various security features (such as supporting particular types of identification) as well as different levels of security service in their SLA. Read the details in order to know exactly what specific services they will provide you with the terms of prospects of security. Sure, in software development for clouds and for client needs in a structured development process in terms of security, such as SDL. Therefore, make sure that their applications do you use a structured process for developing security as SDL. SDL for rapid development You are not alone if you are using a process of rapid development. Agile development methods are increasingly chosen by producers around the world. According to an independent report Forrester, 85% of professionals in the field of industrial technology, or just selected, or in the decision making process or already use the methods of rapid development. Note: If you are not familiar with the rapid development and would like to know more, you can read about it on http://www.agilemanifesto.org. Wikipedia defines it as: Rapid development of software refers to a group of software development methodologies based on iterative development, where requirements and solutions to spin through the cooperation between the self-organizing cross-functional teams. The term was established in 2001 in the preparation of Agile Manifesto. It is also noteworthy early Agile development methods include: Scrum (1995), Crystal Clear, Extreme Programming (1996), Adaptive Software Development, Feature Driven Development, and Dynamic Systems Development Method (DSDM) (1995). Following the publication in 2001, Agile Manifesto, they were treated to a quick methodology. In his blog on SDL Brian Sullivan gives an excellent description of the team approach to the problem of SDL requirements and processes, transforming leadership is suitable for rapid development framework that can be flexibly applied to both long and short of quick development. Here is a brief overview of his post. Looking at the Security Development Lifecycle SDL, and describing it in phases, you can see that it was originally designed for integration into the spiral development of products used by Microsoft to develop Windows and other business products. Although between spiral techniques and methods of rapid development, there are many differences, the main ones for me are: · Agile development methods have no clear phase · Releases rapid development is usually much shorter, in some cases only one or two weeks Due to these differences, SDL for rapid development divides SDL (on demand) into three categories: the requirement for each quick step, the requirements are so important that they should be completed for each repetition, one-time requirements, the requirements that must be completed once during the entire project regardless of the duration of the project, and the bucket requirements, requirements that need to be regularly shut, but they are not so important to do so with each repetition. Threat Modeling is a perfect example: a team can throughout the week to create a threat model, but it will not necessarily be the most efficient use of their time. SDL for rapid development gives an idea of ??how a team can spend the appropriate amount of time, models the new opportunities, as well as how to construct a basic model to the existing functionality. For a complete guide to SDL for rapid development download SDL 4.1a, expanded version, including the process of rapid development (EN) and read the new sections on rapid development. Concluding remarks As the production of computers, Microsoft continues to invest in the foundations of security and privacy, offering design, the best instruments and technologies for both the client and for cloud applications. Issue SDL for rapid development, and report on security applications in the cloud confirmed by the fact that Microsoft is doing everything possible to keep pace with the times, and eventually be able to create more robust online security. | |
|
Total comments: 0 | |