Agile now complies with SDL
Yesterday at the Tech • Ed Europe 2009 conference in Berlin, Microsoft announced the expansion of the Security Development Lifecycle (SDL) project development security standards to Agile agile methods. The SDL standard now conforms to both the iterative model and the weekly development cycle. In line with this, the official SDL guide has been updated to version 4.1a (Agile methodologies are on pages 45-53). Not much, but more than enough.
This is a very important event that speaks about the final victory of Agile. Now only the most backward manager can call programming using agile methods as chaotic unsystematic development (and some said, referring to the fourth alternative of the Agile manifest and Agile principles , in particular, paragraph 2: “Greet the changing project requirements even in the later stages of development”) .
In fairness, we note that in our time there are few such managers. According to independent research, 85% of software companies in the world already use Agile or are planning to apply, or partially use this methodology (From Agile Development To Agile Engagement, Forrester Research, May 2009).
')
Microsoft Trustworthy Computing Group experts have successfully adapted the SDL for Agile and insist that the use of proprietary safety rules will not reduce the speed and convenience of working on this methodology. To make this possible, the SDL for Agile Development standard has been made as simple and customizable as per the principles of Agile itself. At the same time, it supports all the tools, reference and educational resources that are part of the Microsoft SDL.
Compatibility with SDL is very important for large software companies, in which the development process must necessarily meet all such standards. Because of the “incompatibility with SDL”, they couldn’t have used Agile with all their desire. Now the scope of the use of innovative methods of agile development should be significantly expanded. Moreover, Agile can now be considered not just a fashionable and efficient technology, but quite a serious methodology that complies with recognized safety standards.
This is a very important event that speaks about the final victory of Agile. Now only the most backward manager can call programming using agile methods as chaotic unsystematic development (and some said, referring to the fourth alternative of the Agile manifest and Agile principles , in particular, paragraph 2: “Greet the changing project requirements even in the later stages of development”) .
In fairness, we note that in our time there are few such managers. According to independent research, 85% of software companies in the world already use Agile or are planning to apply, or partially use this methodology (From Agile Development To Agile Engagement, Forrester Research, May 2009).
')
Microsoft Trustworthy Computing Group experts have successfully adapted the SDL for Agile and insist that the use of proprietary safety rules will not reduce the speed and convenience of working on this methodology. To make this possible, the SDL for Agile Development standard has been made as simple and customizable as per the principles of Agile itself. At the same time, it supports all the tools, reference and educational resources that are part of the Microsoft SDL.
Compatibility with SDL is very important for large software companies, in which the development process must necessarily meet all such standards. Because of the “incompatibility with SDL”, they couldn’t have used Agile with all their desire. Now the scope of the use of innovative methods of agile development should be significantly expanded. Moreover, Agile can now be considered not just a fashionable and efficient technology, but quite a serious methodology that complies with recognized safety standards.
Source: https://habr.com/ru/post/74894/
All Articles