Sunday, October 5, 2008

Security Development Lifecycle (SDL) made easier

The Microsoft Security Development Lifecycle (SDL) is a software security assurance process. It will be shared publicly in November and will hopefully help make applications more secure.


Microsoft will release three new programs in November to share security best practices broadly with the industry. Based on the company’s Security Development Lifecycle, the programs are as follows:

  • SDL Optimization Model. The Optimization Model facilitates implementation of the SDL in development organizations outside of Microsoft. The model, which will be freely available for download, is based on the Microsoft IT Infrastructure and Application Platform Optimization models, which focus on leveraging IT as a driver of business value.
  • SDL Pro Network. The Network is a group of nine industry-leading consultancies that specialize in application security and have been specially trained by Microsoft. These providers will guide and support organizations in implementing the SDL in their environments. Currently in its build-out phase, the one-year pilot of the program will begin in November.
  • Microsoft SDL Threat Modeling Tool. This tool allows for structured analysis, tracking and mitigation of potential security and privacy issues, based on a methodology that any software architect can lead effectively. The tool has been used extensively within Microsoft, and will become freely available in November via the MSDN Download Center. More information about the tool, including a short demonstration, can be found on the SDL portal.

Read more on the SDL portal and the Q&A with Steve Lipner.
