Agile software development differs from conventional programming models by abandoning the 'waterfall' approach. This traditional method carves up the software development process into discrete stages such as requirements gathering, design, coding, and testing. It means that software development teams and their customers must make commitments to software requirements early on, and then often don't interact very much until the final software is delivered.
Conversely, agile software development generally divides a project into specific subsections of functionality that can be quickly designed and coded, and shown to the customer for feedback. This iterative model keeps the customer and the software development team in close contact throughout the project lifecycle, and enables the customer to see what is being developed on a regular basis. It also makes it possible to change the software requirements as customer needs evolve.
Microsoft's Security Development Lifecycle began in 2004 as part of its trustworthy computing initiative. It constitutes a detailed set of guidelines explaining how software developers can build security into their software at an early stage.
David Ladd, principal security program manager in Microsoft's Trustworthy Computing (TwC) Group, explained that although there are many different versions of agile software development, the guidance was abstract enough to support them all.
"We conducted a number of beta tests with different teams using different agile methodologies; taking careful note of how the SDL performed against these different agile methods, collecting feedback from each of these groups and then incorporating their suggestions into the final product", he said.
Forrester Research has said that 85% of technology industry professionals have either just adopted, are midway through, or have a mature implementation of agile software development methods such as the Microsoft Security Development Lifecycle.