Microsoft Beefs Up Security Development Lifecycle
Microsoft has evolved its Security Development Lifecycle (SDL) to help developers better address security in the design and development phases of the application lifecycle. In addition, Microsoft is delivering an SDL optimization model, a new SDL service provider network and a new threat modeling tool.In light of continuing and progressively more pernicious security threats heading into the application stack, Microsoft is evolving its Security Development Lifecycle and providing services, support and tools around it to help enterprises build more secure applications starting at the design and development phase. Steve Lipner, Microsoft's senior director of security engineering strategy, said the SDL is a software security assurance process that has helped to embed security and privacy in Microsoft software and culture. The SDL is Microsoft's software security assurance process, which has been a Microsoft-wide initiative and a mandatory policy since 2004, And the SDL has led Microsoft to security improvements in flagship products such as Windows Vista and SQL Server.
Lipner said as part of its commitment to supporting a more secure and trustworthy computing ecosystem, Microsoft is making SDL process guidance, tools and training available for every developer. So Microsoft is sharing its SDL concepts with ISVs (independent software vendors), partners and customers with the objective of improving the security and privacy of the entire computing ecosystem. One way Microsoft plans to do this is through its new SDL Optimization Model. And the company also is finalizing a new SDL partner program and a threat modeling tool, all of which will be released in November.