[go: up one dir, main page]
Scribd
Upload
299 views2 pages

Microsoft Security Development Lifecycle

The document summarizes Microsoft's Security Development Lifecycle (SDL), which is Microsoft's process for building security into software development. The SDL involves procedures carried out by testers, developers, and other roles to integrate security practices across all phases of development. It was created in 2004 and has since evolved, being updated regularly to address new threats. The SDL is mandatory for Microsoft product development and has led to improvements in security. Microsoft shares the SDL process with other software vendors and organizations to help improve security practices across the industry.

Uploaded by

faris
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
299 views2 pages

Microsoft Security Development Lifecycle

The document summarizes Microsoft's Security Development Lifecycle (SDL), which is Microsoft's process for building security into software development. The SDL involves procedures carried out by testers, developers, and other roles to integrate security practices across all phases of development. It was created in 2004 and has since evolved, being updated regularly to address new threats. The SDL is mandatory for Microsoft product development and has led to improvements in security. Microsoft shares the SDL process with other software vendors and organizations to help improve security practices across the industry.

Uploaded by

faris
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

February 2013

Microsoft Security
Development Lifecycle

Key Points BACKGROUND


Today’s cyber security threats are complex, sophisticated, and
●● The Microsoft Security Development ever-changing. They require an ongoing, multifaceted response
Lifecycle (SDL) is Microsoft’s security from the information technology industry for development
assurance process for software solutions that optimize software security and provide for safer
development that builds security computing experiences for people around the world.
into every phase of software devel-
opment and provides defense-in- The Microsoft Security Development Lifecycle (SDL) is
depth guidance and protection. Microsoft’s security assurance process for software development
that introduces security and privacy at every step of the way. It
●● The SDL is a hands-on set of offers a holistic and practical approach to addressing evolving
procedures involving testers, security threats and increasingly sophisticated cyber crime.
developers, program managers,
and architects working in concert Microsoft developed the SDL process in 2004 as part of a
with product security teams across defense-in-depth approach to security. It was created to reduce
the company. Its security innova- the number of vulnerabilities in Microsoft software and to give
tions are integrated into Microsoft users high-quality, meticulously engineered, rigorously tested
Office, the Windows operating software that better defends against malicious attacks. Microsoft
system, Microsoft SQL Server, and engineers and security experts realized that performing security
many other Microsoft products activities as part of a repeatable process results in greater
and services. security gains and return on investment, and creates a more
secure Internet environment. Using the SDL helps developers
create software that has fewer, less severe vulnerabilities.
●● The SDL is continuously evolving
and improving. It is updated to
take advantage of newly developed
defensive techniques in security
science and in anticipation of
emerging threats.

●● Microsoft shares the SDL with the


software industry. The SDL has been
adopted (sometimes in a modified
form) by a variety of software and
hardware vendors, government
agencies, and software develop-
ment organizations.
MICROSOFT APPROACH POLICY CONSIDERATIONS
●● Using the SDL is a mandatory practice for product ●● Microsoft believes in a collective approach to
development at Microsoft. As shown below, it security that involves the entire IT community, so the
comprises a series of systematic security- and company shares security expertise, process guidance,
privacy-focused activities throughout the software and technology with developer and IT professional
development lifecycle— from technical training for communities worldwide. As of 2012, IT professionals have
engineers to processes for emergency responses downloaded Microsoft SDL guidance, white papers, and
after deployment. tools and resources more than a million times.

●● Software development is an evolving process and so The SDL Chronicles document how the Microsoft
is the SDL. While it’s impossible to completely prevent Security Development Lifecycle has helped public and
all vulnerabilities during software development, private organizations change their engineering cultures
when they do emerge, Microsoft engineers perform and develop more secure software. Key industry leaders
root-cause analysis to understand the problem. They including Cisco and Adobe have based their security
then identify corrective actions and incorporate that development methods on the Microsoft SDL.
knowledge into the next version of the SDL. ●● Any government approach to addressing the
●● Implementing the SDL has led to measurable problems of information security should also protect
improvements in the security and privacy of innovation and ensure the continued adoption of new
Microsoft’s products. technologies. Government and industry can work
together to establish appropriate principles that strike
the right balance between regulation and innovation.

Helpful Resources
The Security Development Lifecycle
www.microsoft.com/sdl

The SDL Chronicles


aka.ms/SDL-Chronicles

Microsoft Trustworthy Computing


www.microsoft.com/twc/

You might also like