Bugtraq mailing list archives
Security Development Lifecycle Whitepaper Available
From: "Michael Howard" <mikehow () microsoft com>
Date: Tue, 22 Mar 2005 15:11:51 -0800
Microsoft has made publicly available our Security Development Lifecycle (SDL) paper at http://msdn.microsoft.com/security/sdl. The SDL is the process that Microsoft has implemented for the development of software that needs to withstand malicious attack. The process encompasses the addition of a series of security-focused activities and deliverables to each of the phases of Microsoft's software development process. These activities and deliverables include the development of threat models during software design, the use of static analysis code-scanning tools during implementation, and the conduct of code reviews and security testing during a focused "security push". Before software developed under the SDL can be released, it must undergo a Final Security Review by a team independent from its development group. When compared to software that has not been subject to the SDL, software that has undergone the SDL has experienced a significantly reduced rate of external discovery of security vulnerabilities. This paper describes the SDL and discusses experience with its implementation across Microsoft software. Cheers, Michael [Writing Secure Code] http://www.microsoft.com/mspress/books/5957.asp [Protect Your PC] http://www.microsoft.com/protect [Blog] http://blogs.msdn.com/michael_howard
Current thread:
- Security Development Lifecycle Whitepaper Available Michael Howard (Mar 22)