The biggest difficulty in adapting the SDL to the needs of Web applications is simply one of time. The SDL was originally developed to improve the security of large, complex products like Windows, Microsoft Office, and SQL Server, and it has done so very successfully. Part of the reason for its success is its thoroughness: in its latest version, the SDL has more than 80 separate requirements and recommendations that product teams follow to improve their products' security and privacy. Figure 1 gives you an idea of the process involved in the SDL.
Unlike in classic SDL, where all of these requirements must be completed before the product can release, in SDL/A only one requirement from each bucket must be completed during each sprint. This is the concession that SDL/A makes to the shorter release schedules of Agile development projects. As they say, you can't fit ten pounds of flour in a five-pound sack, and the bucket requirements are the five extra pounds we've taken out. Figure 2 shows the new flow with SDL/A. Note that the checked items will be performed during the corresponding stage.