The announcement by Microsoft to help application developers write more secure code has been welcomed.
Microsoft's has introduced the secure development process template for the visual studio team system that will make secure code writing easier by integrating the SDL v4.1 automatically into the author's software development environment.
John Colley, managing director of (ISC)2 , claimed that the announcement should ‘have a significant impact on the priorities for software development and raise the profile of security as a quality assurance issue'.
Colley said: “This initiative is in line with what (ISC)2 has been advocating with the introduction of a professional program the Certified Software Security Lifecycle professional (CSSLP). Overall the development community has not prioritised security, but rather has focused on quality and usability issues.
“Business is increasingly focussed on the security of data housed in business software; consumers want products that are secure, not just user friendly. With this program Microsoft wants to ensure developers working with its platforms do not undermine the effort it has made to enhance its security.”
Colley also claimed that as well as impacting the public at large, this will also affect other vendors who will be forced to follow suit.
“Those working with competing platforms will have to adopt a similar approach in order to compete. Overall developers will have a whole new language to learn as they develop a common understanding of the entirety of the problem and how to tackle it.
“This is the most prevalent software vendor in the world setting an example for the development community that works with its programs. While it may not directly apply to every development house, it will set an example for the vendor community as a whole to take a broader whole lifecycle approach to enhancing software security,” said Colley.