M. Kainerstorfer, J. Sametinger, A. Wiesauer: Software Security for Small Development Teams - A Case Study, 13th International Conference on Information Integration and Web-based Applications & Services (iiWAS2011), Ho Chi Minh City, Vietnam, December 5-7, 2011.
Microsoft is developing wide-spread software solutions like the Windows operating system and the Office suite. In order to improve security of their products, they have introduced the Microsoft Security Development Lifecycle (MS-SDL). Ample documentation about the MS-SDL is available, thus, allowing other companies to adopt the lifecycle as well. We were wondering whether an adoption of the lifecycle is possible and useful for real small development teams, e.g., for a single developing person. In order to find out, we have done a practical test, i.e., we have used the MS-SDL for the development of a small, but real-world software project. The findings will be presented in this paper.