Microsoft Security Development Lifecycle (SDL)

As a software developer, you must address security and privacy threats in your applications. Many guidelines on the Security Development Lifecycle are available, but here's a nice 160-page whitepaper from Microsoft that outlines the SDL process used by Microsoft product groups for application development.

Although this document does not provide an exhaustive reference on the SDL process as practiced at Microsoft, it does address SDL guidance for Waterfall and Spiral development, Agile development, web applications, and Line of Business applications. It also illustrates the way Microsoft applies the SDL to its products and technologies, including security and privacy requirements and recommendations for secure software development at Microsoft.

As the document mentions:
Secure software development has three elements—best practices, process improvements, and metrics. This document focuses primarily on the first two elements, and metrics are derived from measuring how they are applied.
