Microsoft Security Development Lifecycle (SDL)

As software developers, you must address security and privacy threats in your applications. There are many guidelines available of Security Development Lifecycle, but here’s nice 160 page whitepaper from Microsoft that outlines the SDL process used by Microsoft product groups for application development.


Although this document does not provide an exhaustive reference on the SDL process as practiced at Microsoft, it does addresses SDL guidance for Waterfall and Spiral development, Agile development, web applications and Line of Business application and illustrates the way Microsoft applies the SDL to its products and technologies, including security and privacy requirements and recommendations for secure software development at Microsoft.

As the document mentions:
Secure software development has three elements—best practices, process improvements, and metrics. This document focuses primarily on the first two elements, and metrics are derived from measuring how they are applied.





About The Author

Suprotim Agarwal
Suprotim Agarwal, Developer Technologies MVP (Microsoft Most Valuable Professional) is the founder and contributor for DevCurry, DotNetCurry and SQLServerCurry. He is the Chief Editor of a Developer Magazine called DNC Magazine. He has also authored two Books - 51 Recipes using jQuery with ASP.NET Controls. and The Absolutely Awesome jQuery CookBook.

Follow him on twitter @suprotimagarwal.

No comments: