Original text:
It's been a long strange trip toward better security for Microsoft, but
they've made enough progress to have both improvements to their
technique and some highly interesting war stories. The company's got a
new site explaining the past decade's advances, and you have a reason to
read comics at work today.
The process of "baking security in" -- getting developers to think
about security less as "those people who yell at us" and more as an
integral part of any software-construction effort -- lends its name to
Baking Security In, which details Microsoft's progress on the Security
Development Lifecycle, a process involving 14 stages and checkpoints
over the six stages of the software-development cycle (requirements,
design, implement, verification, release, support/service).
Microsoft has previously estimated that adoption of the SDL strategy
increases lifecycle costs by 20%. If that's a hit the company's willing
to take to build security into their products, building a fairly clever
educational site including "The Amazing Adventures of Kevlarr", a
developer who requires some convincing (that's him above), is just part
of the effort. But come for the comics and stay for the videos, as
real-life, non-animated Microsofties like Steve Lipner and Michael
Howard recount their memories of the days before Microsoft got
security-serious.
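Translation:
Microsoft's journey in secure development has been strange and long, but they have advanced rapidly both in technical progress and in interesting strategy stories. Microsoft today launched a new site that uses animation to explain the efforts and progress Microsoft has made in security technology over the past decade; this comic strip is well worth a look while at work.
The process of "baking security in" gets developers not only to think about those who attack system programs but, more importantly, to treat security as an integral part of any software-development effort. The process gives its name to "Baking Security In", a comic that details Microsoft's progress on the Security Development Lifecycle (SDL), which includes 14 stages and checkpoints covering the six steps of the software-development cycle (requirements, design, implementation, verification, release, support/service).
Microsoft previously estimated that adopting the SDL strategy would increase costs by 20%, but if this is necessary, the company is willing to build a security system for its products, and to build a very educational website that includes "The Legendary Adventures of Kevlarr", a very persuasive developer who has contributed to the Security Development Lifecycle. But he comes from the animation and stays in the videos, while real-life, non-animated people such as Steve Lipner and Michael Howard recall the days before Microsoft became aware of the seriousness of security problems.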
posted on 2009-02-20 09:48
zoyi