Dev-C is a free IDE for Windows that uses either MinGW or TDM-GCC as underlying compiler. Originally released by Bloodshed Software, but abandoned in 2006, it has recently been forked by Orwell, including a choice of more recent compilers. Introduction to C# Microsoft. Enrollment is Closed. About this course. There are many programming languages in use today. Choosing which language to program in can be based on many factors such as learning curve, job specific requirements, platform specifics, or a plethora of other criteria. Gerry O’Brien is a Senior Content Development.
Microsoft Dev 204.1x Introduction To C Pdf
All software developers must address security threats. Computer users now require trustworthy and secure software, and developers who address security threats more effectively than others can gain competitive advantage in the marketplace. Also, an increased sense of social responsibility now compels developers to create secure software that requires fewer patches and less security management.
Privacy also demands attention. To ignore privacy concerns of users can invite blocked deployments, litigation, negative media coverage, and mistrust. Developers who protect privacy earn users’ loyalties and distinguish themselves from their competitors.
Secure software development has three elements-best practices, process improvements, and metrics. This document focuses primarily on the first two elements, and metrics are derived from measuring how they are applied.
Microsoft has implemented a stringent software development process that focuses on these elements. The goal is to minimize security-related vulnerabilities in the design, code, and documentation and to detect and eliminate vulnerabilities as early as possible in the development lifecycle. These improvements reduce the number and severity of security vulnerabilities and improve the protection of users’ privacy.
Secure software development is mandatory for software that is developed for the following uses:
(For more specific definitions, see the 'What Products and Services are Required to Adopt the Security Development Lifecycle Process?' section later in this Introduction.)
This document describes both required and recommended changes to software development tools and processes. These changes should be integrated into existing software development processes to facilitate best practices and achieve measurably improved security and privacy.
Note: This document outlines the SDL process used by Microsoft product groups for application development. It has been modified slightly to remove references to internal Microsoft resources and to minimize Microsoft-specific jargon. We make no guarantees as to its applicability for all types of application development or for all development environments. Implementers should use common sense in choosing the portions of the SDL that make sense given existing resources and management support. Also read the Simplified Implementation of the Microsoft SDL white paper that illustrates the core concepts and security activities to be performed by any development organization that wants to implement the Microsoft SDL.
On This Page
The Traditional Microsoft Product Development Process
Secure by Design Secure by Default Secure in Deployment Communications Privacy by Design Privacy by Default Privacy in Deployment Communications The Security Development Lifecycle What Products and Services Are Required to Adopt the SDL Process? Are Service Releases Required to Adopt the SDL Process? How Are New Recommendations and Requirements Added to the SDL Process? How Are SDL Requirements Determined for a Specific Product Release? The Traditional Microsoft Product Development Process
In response to the Trustworthy Computing (TwC) directive of January 2002, many software development groups at Microsoft instigated security pushes to find ways to improve the security of existing code and one or two prior versions of the code. However, the reliable delivery of more secure software requires a comprehensive process, so Microsoft defined Secure by Design, Secure by Default, Secure in Deployment, and Communications (SD3+C) to help determine where security and privacy efforts are needed. The guiding principles for SD3+C are identified in the following subsections.
Secure by Design
Secure by Default
Secure in Deployment
Communications
An analogous concept to SD3+C for privacy is known as PD3+C. The guiding principles for PD3+C are:
Privacy by Design
Privacy by Default
Privacy in Deployment
Communications
The Security Development Lifecycle (SDL)
After you add steps to the development process for all elements of SD3+C, the secure software development process model looks like the one shown in Figure 1.
Figure 1. Secure software development process model at Microsoft
Process improvements are incremental and do not require radical changes in the development process. However, it is important to make improvements consistently across an organization.
The rest of this document describes each step of the process in detail.
What Products and Services Are Required to Adopt the SDL Process?
Are Service Releases Required to Adopt the SDL Process?
Any external release of software that can be installed on a customer’s computer, regardless of operating system or platform, must comply with security and privacy policies as described in the Security Development Lifecycle. This SDL applies to new products, service releases such as product service packs, feature packs, development kits, and resource kits. The terms service pack and feature pack might not always be used in the descriptive title of a release to customers, but the following definitions differentiate what constitutes a new product from a service release or feature pack.
All software releases referenced in the 'What Products and Services Are Required to Adopt the SDL Process?' section must adopt SDL. However, current SDL requirements will be applied only to the new features in the service release and not retroactively to the entire product. Also, product teams are not required to change compiler versions or compile options in a service release.
Microsoft Dev 204.1x Introduction To ChangeHow Are New Recommendations and Requirements Added to the SDL Process?
The Security Development Lifecycle consists of the proven best practices and tools that were successfully used to develop recent products. However, the area of security and privacy changes frequently, and the Security Development Lifecycle must continue to evolve and to use new knowledge and tools to help build even more trusted products. But because product development teams must also have some visibility and predictability of security requirements in order to plan schedules, it is necessary to define how new recommendations and requirements are introduced, as well as when new requirements are added to the SDL.
New SDL recommendations may be added at any time, and they do not require immediate implementation by product teams. New SDL requirements should be released and published at six-month intervals. New requirements will be finalized and published three months before the beginning of the next six-month interval for which they are required. For more information about how to hold teams accountable for requirements, see How Are SDL Requirements Determined for a Specific Product Release?
The list of required development tools (for example, compiler versions or updated security tools) is typically the area of greatest interest because of the potential impact on schedule and resources. The following example timeline helps to illustrate this point:
How Are SDL Requirements Determined for a Specific Product Release?
A product release is held accountable for the SDL requirements that are current on the day the product registers a request for SDL review. Product teams can refer to the SDL version numbers to determine the appropriate policies to follow. There are some caveats to this rule:
The following examples illustrate how SDL requirements are determined:
Content DisclaimerMicrosoft Dev 204.1x Introduction To C 1
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2020
Categories |