Microsoft publishes report on its Security Development Lifecycle


Warwick Ashford

Microsoft has published a new report that outlines nine years of progress in developing, improving and sharing the Security Development Lifecycle (SDL) process.

The SDL Progress Report is aimed at showing IT business decision-makers the links between secure development, reduced attacks and business efficiencies.

Using both internal and external information, the report concludes that adopting secure development processes, like the SDL, can lead to the earlier identification of vulnerabilities and offset the costly cycle of addressing vulnerabilities at the end of the development cycle or after an attack.

The report also shows how combining technology and processes can enhance the benefits of secure development.

"We hope you find valuable information on secure development lessons learned at Microsoft, how we've applied security science, and the correlation between holistic security processes, risk reduction, and organisational efficiency," Microsoft's SDL team said in a blog post.

According to the team, one of the most important lessons has been that security threats are not static.

For this reason, work on developing secure software and evolving the SDL to stay ahead of complex attacks will never be done, they said, but the team believes its SDL tools and processes add value and should be shared broadly with the security ecosystem.

"A collective effort is needed to meet the threat to computer users worldwide," they said.
